69775389eb0207fec3a3f5649a0ad9315856c810f595c086ac49d68cdbc1d136

General

Target

aXdTiesCB-7Do-VkmgrZMVhWyBD1lcCGrEnWjNvB0TY.bin
Size

1.9MB
Sample

210606-s6arabmc1x
MD5

063771d5573448ee6a271584a4b6a26a
SHA1

e23637ea81751e558fca17ef1a54b6e39d2e83c3
SHA256

69775389eb0207fec3a3f5649a0ad9315856c810f595c086ac49d68cdbc1d136
SHA512

b17cd1310d4fd2af4659e6e9b2a218c3930f5d1ec439939331c71af789e39865d8afdc7e1fc93b62311aae4ae6adea1eb0d29bbb67427877a8ef60a19cbadabf

Score

10^/10

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\PAYLOADBIN-README.txt

Ransom Note

The network is LOCKED with PAYLOADBIN ransomware. Don't try to use other software. For decryption KEY write HERE: #1 [email protected] | #2 [email protected]

Emails

[email protected]

Targets

- Target
  
  aXdTiesCB-7Do-VkmgrZMVhWyBD1lcCGrEnWjNvB0TY.bin
- Size
  
  1.9MB
- MD5
  
  063771d5573448ee6a271584a4b6a26a
- SHA1
  
  e23637ea81751e558fca17ef1a54b6e39d2e83c3
- SHA256
  
  69775389eb0207fec3a3f5649a0ad9315856c810f595c086ac49d68cdbc1d136
- SHA512
  
  b17cd1310d4fd2af4659e6e9b2a218c3930f5d1ec439939331c71af789e39865d8afdc7e1fc93b62311aae4ae6adea1eb0d29bbb67427877a8ef60a19cbadabf
Score

10^/10

cryptone packer ransomware
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

CryptOne packer

Executes dropped EXE

Modifies extensions of user files

Deletes itself

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2