a653a4d7a1dd36b965591b6f55584ba3d73124eccc92e94ce28a71a0f0415f5a

General

Target

a653a4d7a1dd36b965591b6f55584ba3d73124eccc92e94ce28a71a0f0415f5a
Size

126KB
Sample

210525-zjz5mlvglj
MD5

e1ff64f0910b1e31a12a17ecc9173250
SHA1

edee8ab5e9edae3c6f7fbff32151c9d9e2c7f360
SHA256

a653a4d7a1dd36b965591b6f55584ba3d73124eccc92e94ce28a71a0f0415f5a
SHA512

10364700d1dd533bbf2345908067129386e119cb434ceaff55282a2ee2cc58fc9ddfca40fbc3e333dd4394436eabeb5c29268c088f94eec95abc69921af48428

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\READ_ME.crypted.txt

Ransom Note

Your files are encrypted. If you want to unlock them send 50$ worth of bitcoin to this address: 36yFAmBGNDowqjXxbaPA2F3byPUoxWfZyz After that email your transaction ID, pc code and username to: [email protected] After that wait for our response and we will send you your unique password and decryptor. Encrypted files: C:\Users\Admin\Desktop\AddInstall.potx C:\Users\Admin\Desktop\ApproveInitialize.ADTS C:\Users\Admin\Desktop\CompressUnregister.3g2 C:\Users\Admin\Desktop\ConfirmStop.cab C:\Users\Admin\Desktop\ConvertFromInstall.search-ms C:\Users\Admin\Desktop\DenyPop.xps C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Desktop\ExitNew.pot C:\Users\Admin\Desktop\OptimizeSync.jpg C:\Users\Admin\Desktop\ProtectSplit.mpa C:\Users\Admin\Desktop\PublishRemove.txt C:\Users\Admin\Desktop\ReadEnable.m4a C:\Users\Admin\Desktop\ReceiveUninstall.vst C:\Users\Admin\Desktop\RequestConvert.txt C:\Users\Admin\Desktop\ResetPush.exe C:\Users\Admin\Desktop\ResizeMeasure.sql C:\Users\Admin\Desktop\ResolveRequest.ps1xml C:\Users\Admin\Desktop\ResolveResume.tif C:\Users\Admin\Desktop\ResolveShow.potx C:\Users\Admin\Desktop\RestoreApprove.3gp C:\Users\Admin\Desktop\SaveConnect.rtf C:\Users\Admin\Desktop\SearchSplit.MOD C:\Users\Admin\Desktop\ShowMerge.7z C:\Users\Admin\Desktop\StopExit.temp C:\Users\Admin\Desktop\UnprotectConvert.pcx C:\Users\Admin\Desktop\UnpublishCheckpoint.vbe C:\Users\Admin\Desktop\UpdateUnprotect.htm C:\Users\Admin\Desktop\WaitSearch.xsl C:\Users\Admin\Desktop\WriteApprove.WTV C:\Users\Admin\Pictures\BackupMove.wmf C:\Users\Admin\Pictures\CompareRestart.dwg C:\Users\Admin\Pictures\ConnectSuspend.jpg C:\Users\Admin\Pictures\ConvertFromExport.raw C:\Users\Admin\Pictures\DebugPing.eps C:\Users\Admin\Pictures\DenyDisconnect.wmf C:\Users\Admin\Pictures\DenyRead.svg C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Pictures\EditGrant.dxf C:\Users\Admin\Pictures\ExitHide.emz C:\Users\Admin\Pictures\FindClear.svgz C:\Users\Admin\Pictures\FormatHide.raw C:\Users\Admin\Pictures\GrantRegister.bmp C:\Users\Admin\Pictures\MeasureConnect.pcx C:\Users\Admin\Pictures\MergeShow.tif C:\Users\Admin\Pictures\PingUnprotect.jpeg C:\Users\Admin\Pictures\PushRestore.bmp C:\Users\Admin\Pictures\RegisterExpand.gif C:\Users\Admin\Pictures\RevokeAdd.wmf C:\Users\Admin\Pictures\RevokeClose.svgz C:\Users\Admin\Pictures\RevokeNew.jpg C:\Users\Admin\Pictures\SendUse.eps C:\Users\Admin\Pictures\SplitInstall.crw C:\Users\Admin\Pictures\StartInitialize.dib C:\Users\Admin\Pictures\StepAssert.bmp C:\Users\Admin\Pictures\StepImport.pcx C:\Users\Admin\Pictures\SubmitDisable.ico C:\Users\Admin\Pictures\TraceSave.emz C:\Users\Admin\Pictures\Wallpaper.jpg C:\Users\Admin\Pictures\WriteRestore.gif C:\Users\Admin\Documents\Are.docx C:\Users\Admin\Documents\AssertShow.ppt C:\Users\Admin\Documents\ConvertCompare.vst C:\Users\Admin\Documents\ConvertFromWrite.vstx C:\Users\Admin\Documents\DebugGroup.mhtml C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\Documents\EnterInvoke.wps C:\Users\Admin\Documents\ExportEnable.vssm C:\Users\Admin\Documents\Files.docx C:\Users\Admin\Documents\FormatGrant.ods C:\Users\Admin\Documents\FormatSubmit.pub C:\Users\Admin\Documents\FormatUninstall.wps C:\Users\Admin\Documents\ImportUnregister.htm C:\Users\Admin\Documents\MergeRename.txt C:\Users\Admin\Documents\MountApprove.htm C:\Users\Admin\Documents\Opened.docx C:\Users\Admin\Documents\ProtectImport.docx C:\Users\Admin\Documents\ProtectResolve.ppsm C:\Users\Admin\Documents\ReceiveBlock.mht C:\Users\Admin\Documents\ReceiveResolve.wps C:\Users\Admin\Documents\Recently.docx C:\Users\Admin\Documents\RemoveUndo.mht C:\Users\Admin\Documents\RequestReset.vstm C:\Users\Admin\Documents\ResetPing.odt C:\Users\Admin\Documents\SendDismount.vst C:\Users\Admin\Documents\SplitUndo.dotm C:\Users\Admin\Documents\StartSet.vdw C:\Users\Admin\Documents\SubmitInvoke.ppsx C:\Users\Admin\Documents\SubmitWatch.docm C:\Users\Admin\Documents\These.docx C:\Users\Admin\Documents\TraceSelect.ppsx C:\Users\Admin\Documents\UnlockSet.vdx C:\Users\Admin\Documents\UseWait.potx C:\Users\Admin\Documents\WatchAdd.vssx C:\Users\Admin\Documents\WriteRegister.vsx

Emails

[email protected]

Wallets

36yFAmBGNDowqjXxbaPA2F3byPUoxWfZyz

Extracted

Path

C:\Users\Admin\Desktop\READ_ME.crypted.txt

Ransom Note

Your files are encrypted. If you want to unlock them send 50$ worth of bitcoin to this address: 36yFAmBGNDowqjXxbaPA2F3byPUoxWfZyz After that email your transaction ID, pc code and username to: [email protected] After that wait for our response and we will send you your unique password and decryptor. Encrypted files: C:\Users\Admin\Desktop\CompareDisable.inf C:\Users\Admin\Desktop\ConfirmUnregister.AAC C:\Users\Admin\Desktop\ConvertFromRedo.gif C:\Users\Admin\Desktop\ConvertFromRename.001 C:\Users\Admin\Desktop\ConvertResume.iso C:\Users\Admin\Desktop\desktop.ini C:\Users\Admin\Desktop\EditReset.otf C:\Users\Admin\Desktop\MeasureConvertTo.ttc C:\Users\Admin\Desktop\MeasureInstall.xla C:\Users\Admin\Desktop\MountUninstall.dwfx C:\Users\Admin\Desktop\ProtectSplit.3gpp C:\Users\Admin\Desktop\ProtectStep.jpg C:\Users\Admin\Desktop\RepairRestore.wmv C:\Users\Admin\Desktop\RestartBlock.vstx C:\Users\Admin\Desktop\ResumeFormat.mov C:\Users\Admin\Desktop\SendExpand.odp C:\Users\Admin\Desktop\StopCheckpoint.rtf C:\Users\Admin\Desktop\SubmitDisconnect.mpeg C:\Users\Admin\Desktop\TraceRemove.easmx C:\Users\Admin\Desktop\UnblockRegister.ini C:\Users\Admin\Desktop\UpdateConnect.sys C:\Users\Admin\Pictures\CheckpointInitialize.gif C:\Users\Admin\Pictures\CheckpointSearch.ico C:\Users\Admin\Pictures\CopySend.jpg C:\Users\Admin\Pictures\DebugMeasure.png C:\Users\Admin\Pictures\desktop.ini C:\Users\Admin\Pictures\EditImport.dxf C:\Users\Admin\Pictures\EnableTest.cr2 C:\Users\Admin\Pictures\ExitEnable.ico C:\Users\Admin\Pictures\ExpandComplete.png C:\Users\Admin\Pictures\InitializeResolve.raw C:\Users\Admin\Pictures\NewProtect.svg C:\Users\Admin\Pictures\OutLimit.tif C:\Users\Admin\Pictures\PopConvert.raw C:\Users\Admin\Pictures\ResizeAdd.jpg C:\Users\Admin\Pictures\ResumeTrace.emf C:\Users\Admin\Pictures\ResumeWrite.crw C:\Users\Admin\Pictures\RevokeSuspend.svgz C:\Users\Admin\Pictures\UnprotectRemove.eps C:\Users\Admin\Pictures\UnprotectSubmit.dib C:\Users\Admin\Pictures\UnpublishComplete.svg C:\Users\Admin\Pictures\Wallpaper.jpg C:\Users\Admin\Pictures\WriteSave.crw C:\Users\Admin\Pictures\Camera Roll\desktop.ini C:\Users\Admin\Pictures\Saved Pictures\desktop.ini C:\Users\Admin\Documents\Are.docx C:\Users\Admin\Documents\ConnectSubmit.ppsm C:\Users\Admin\Documents\ConvertFromShow.xlt C:\Users\Admin\Documents\desktop.ini C:\Users\Admin\Documents\ExitSync.vdw C:\Users\Admin\Documents\Files.docx C:\Users\Admin\Documents\FindUnprotect.xps C:\Users\Admin\Documents\GroupInvoke.xlsb C:\Users\Admin\Documents\InstallRestore.xls C:\Users\Admin\Documents\Opened.docx C:\Users\Admin\Documents\PingMerge.pub C:\Users\Admin\Documents\PopSuspend.vsdm C:\Users\Admin\Documents\ReceiveSync.html C:\Users\Admin\Documents\Recently.docx C:\Users\Admin\Documents\SetEdit.xlsb C:\Users\Admin\Documents\ShowTest.rtf C:\Users\Admin\Documents\These.docx C:\Users\Admin\Documents\UnregisterExit.vsdx C:\Users\Admin\Documents\UnregisterHide.ppt C:\Users\Admin\Documents\UpdateSet.vstm C:\Users\Admin\Documents\WriteSwitch.odt C:\Users\Admin\Documents\WriteUnprotect.vsx

Emails

[email protected]

Wallets

36yFAmBGNDowqjXxbaPA2F3byPUoxWfZyz

Targets

- Target
  
  a653a4d7a1dd36b965591b6f55584ba3d73124eccc92e94ce28a71a0f0415f5a
- Size
  
  126KB
- MD5
  
  e1ff64f0910b1e31a12a17ecc9173250
- SHA1
  
  edee8ab5e9edae3c6f7fbff32151c9d9e2c7f360
- SHA256
  
  a653a4d7a1dd36b965591b6f55584ba3d73124eccc92e94ce28a71a0f0415f5a
- SHA512
  
  10364700d1dd533bbf2345908067129386e119cb434ceaff55282a2ee2cc58fc9ddfca40fbc3e333dd4394436eabeb5c29268c088f94eec95abc69921af48428
Score

10^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Targets

Modifies extensions of user files

Drops desktop.ini file(s)

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2