targetcompany

General

Target

863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1
Size

128KB
Sample

210617-t6kkx9hs4j
MD5

d687eb9fea18e6836bd572b2d180b144
SHA1

0e7f076d59ab24ab04200415cb35037c619d0bae
SHA256

863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1
SHA512

16aed099d7d1131facb76591176566a9de9a140948f467b7a43d7518215ce24490956b0996d0f7638cf0d313947f12d91d145ebe4d584779e119707d59463684

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: FBB809859CB0 All files on TOHNICHI network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.�

URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Extracted

Path

C:\Program Files\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: 4FFBEE10F033 All files on TOHNICHI network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.�

URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Targets

- Target
  
  863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1
- Size
  
  128KB
- MD5
  
  d687eb9fea18e6836bd572b2d180b144
- SHA1
  
  0e7f076d59ab24ab04200415cb35037c619d0bae
- SHA256
  
  863e4557e550dd89e5ca0e43c57a3fc1889145c76ec9787e97f76e959fc8e1e1
- SHA512
  
  16aed099d7d1131facb76591176566a9de9a140948f467b7a43d7518215ce24490956b0996d0f7638cf0d313947f12d91d145ebe4d584779e119707d59463684
Score

10^/10

targetcompany evasion ransomware
- TargetCompany
  Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Generic Ransomware Note
  Ransomware often writes a note containing information on how to pay the ransom.
behavioral1 behavioral2