General
-
Target
90cf35560032c380ddaaa05d9ed6baacbc7526a94a992a07fd02f92f371a8e92
-
Size
500KB
-
Sample
210408-nwjvms1t1e
-
MD5
bc92920af8fcf53ccf9efd3c9d52e13a
-
SHA1
8ec2266a0e4c807973a27bc9cf5b10b4d11f6c5c
-
SHA256
90cf35560032c380ddaaa05d9ed6baacbc7526a94a992a07fd02f92f371a8e92
-
SHA512
a5a9c06cb664594f2ab18b5582faf6dc4f0c0e92978f3059b036d7855bec1b69ccf9591e7b0b535dae84f6dc63c3b414d10cb37d1dac14b481a4dc0dc4258d2d
Malware Config
Extracted
mespinoza
-
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
-
-
Target
90cf35560032c380ddaaa05d9ed6baacbc7526a94a992a07fd02f92f371a8e92
-
Size
500KB
-
MD5
bc92920af8fcf53ccf9efd3c9d52e13a
-
SHA1
8ec2266a0e4c807973a27bc9cf5b10b4d11f6c5c
-
SHA256
90cf35560032c380ddaaa05d9ed6baacbc7526a94a992a07fd02f92f371a8e92
-
SHA512
a5a9c06cb664594f2ab18b5582faf6dc4f0c0e92978f3059b036d7855bec1b69ccf9591e7b0b535dae84f6dc63c3b414d10cb37d1dac14b481a4dc0dc4258d2d
Score10/10-
Mespinoza Ransomware
Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-