Overview

overview

10

Static

static

9

aXdTiesCB-...in.exe

windows7_x64

10

aXdTiesCB-...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    aXdTiesCB-7Do-VkmgrZMVhWyBD1lcCGrEnWjNvB0TY.bin

  • Size

    1.9MB

  • Sample

    210606-s6arabmc1x

  • MD5

    063771d5573448ee6a271584a4b6a26a

  • SHA1

    e23637ea81751e558fca17ef1a54b6e39d2e83c3

  • SHA256

    69775389eb0207fec3a3f5649a0ad9315856c810f595c086ac49d68cdbc1d136

  • SHA512

    b17cd1310d4fd2af4659e6e9b2a218c3930f5d1ec439939331c71af789e39865d8afdc7e1fc93b62311aae4ae6adea1eb0d29bbb67427877a8ef60a19cbadabf

Score
10/10
cryptonepackerransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PAYLOADBIN-README.txt

Ransom Note
The network is LOCKED with PAYLOADBIN ransomware. Don't try to use other software. For decryption KEY write HERE: #1 [email protected] | #2 [email protected]

Targets

    • Target

      aXdTiesCB-7Do-VkmgrZMVhWyBD1lcCGrEnWjNvB0TY.bin

    • Size

      1.9MB

    • MD5

      063771d5573448ee6a271584a4b6a26a

    • SHA1

      e23637ea81751e558fca17ef1a54b6e39d2e83c3

    • SHA256

      69775389eb0207fec3a3f5649a0ad9315856c810f595c086ac49d68cdbc1d136

    • SHA512

      b17cd1310d4fd2af4659e6e9b2a218c3930f5d1ec439939331c71af789e39865d8afdc7e1fc93b62311aae4ae6adea1eb0d29bbb67427877a8ef60a19cbadabf

    Score
    10/10
    cryptonepackerransomware

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Loads dropped DLL

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks