lsass.exe

General

Target: lsass.exe
Size: 115KB
Sample: 210408-nwgl3k13nj
Score: 10/10
MD5: 5a73d01f81ff11ec92dbc2233c05e15f
SHA1: 1a05f691f72406155136ecfdf5ddee8e9bfa20ce
SHA256: 68ea179770a48ab47976303c9b6db79df2a5213b505fa913201ee6ceabf63a76
SHA512: b58097ddc44ef98d7db107634c1fc8db18b0e1828096e8304aa5864bc14fda3fdc82d69c631c8af39cfbc32a23d6795b3a9d4b717f99860fa7b6bb048fcaecf1

Malware Config

Extracted

Path: C:\Users\Admin\Desktop\DecryptGuide.txt

Ransom Note:
[ATTENTION] All of your files are encrypted with RSA-2048 and AES-128 ciphers. Decrypting of your files is only possible with the private key and decrypt program. Backups were either encrypted. Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover. We exclusively have decryption software for your situation. No decryption software is available in the public. DO NOT RESET OR SHUTDOWN -files may be damaged. DO NOT DELETE this file. To confirm your decryption software, please send 2 or 3 different random files and you will get them decrypted. To get decryption, please contact us. ha7medtit@tutanota.com or araujosantos@protonmail.com You will receive btc address for payment in the reply letter. !!!Your CODE is : AAABAFxXlqBiGEoIVCFtKr20ZRvXxz

Emails:
ha7medtit@tutanota.com
araujosantos@protonmail.com

Signatures

  • Deletes shadow copies
    Description: Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion; Inhibit System Recovery

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation)
Tasks

static1
behavioral1: 10/10
behavioral2: 9/10