General

  • Target

    e972af26d5261da3daa1e12e11f357e1e4ce19cd43997f6b7a925a5b9cc8614c.sample

  • Size

    7KB

  • Sample

    210726-77cttc8gma

  • MD5

    ebbc82f619471384f392efd5c4d05883

  • SHA1

    17d91b45c8615d0f09d1100d2be396cbcba21fde

  • SHA256

    e972af26d5261da3daa1e12e11f357e1e4ce19cd43997f6b7a925a5b9cc8614c

  • SHA512

    3e33bd22c440e9ab4a065d216467c1220780aa2a39a38ea4aec81d050d3e6048e87244341fbeac2cdefebae9fe987b713e0d4fcf34adf1390b5ccda6dd448241

Score
10/10

Malware Config

Extracted

Path

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\!_READ_ME_!.txt

Ransom Note
Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: saveinfo89@yahoo.com === BEGIN === AD7D6889 010200000168000000A4000094959FA68FC849B1 D588B4A8BB946B48C8C1F20785D20A609ADA6DA9 C5485641F50A2BB3CCCA0FD4712DB1702CE83D72 E2D6AD414B26ABC41356D000F956E580A000AA12 27D627D7C40D79C20AF94D62587ECA2CE3288754 81B9EA302642A744ED9F4A08DF4062A3A6E3DD8F 4977DBA10ABE5552070316A6DE8DBDDC3D7ED346 === END ===
Emails

saveinfo89@yahoo.com

Extracted

Path

C:\odt\!_READ_ME_!.txt

Ransom Note
Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: saveinfo89@yahoo.com === BEGIN === AD7D6889 010200000168000000A40000BD7DB4E2EBEE1544 BEB9D99571A8D84A7040F22B0ADB6E3B833BCF2E C5D4F995343F6EDF3093A92CFA8FBD94D168F792 6C9C083E7B47B200F51447AB4F543AB74F873474 733C6A6C982B49CB40F4DABEB74CB526713A9A6C 28A36B0BAAFED1D100DCDFCD66AE0B46AA71F64C C85D9710D96244EF863BCFEE2A54DB405DC40B30 === END ===
Emails

saveinfo89@yahoo.com
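The two recovered notes share the same contact address and the same leading 16 bytes of the hex block, differing only in the 128-byte tail. The following is an added example (not part of the sandbox report or the malware author's code) that extracts the contact e-mail and the BEGIN/END block from each note, decodes it, and interprets the header. The interpretation of bytes 4..15 as a Microsoft CryptoAPI SIMPLEBLOB header (bType 0x01, version 0x02, CALG_RC4 session key wrapped with CALG_RSA_KEYX) is an assumption drawn from the well-known wincrypt.h constants; it is consistent with the note's "RSA-1024" claim, since the remaining 128 bytes are exactly one RSA-1024 ciphertext, but nothing else on the page confirms it. The two note strings below are copied from the report; the function and variable names are this example's own.

```python
import re
import struct

# Ransom notes as recovered by the sandbox (same text dropped at two paths).
NOTE_ADOBE = (
    "Your files are encrypted with RSA-1024 algorithm. To recovery your files you "
    "need to buy our decryptor. To buy decrypting tool contact us at: "
    "saveinfo89@yahoo.com === BEGIN === AD7D6889 010200000168000000A4000094959FA68FC849B1 "
    "D588B4A8BB946B48C8C1F20785D20A609ADA6DA9 C5485641F50A2BB3CCCA0FD4712DB1702CE83D72 "
    "E2D6AD414B26ABC41356D000F956E580A000AA12 27D627D7C40D79C20AF94D62587ECA2CE3288754 "
    "81B9EA302642A744ED9F4A08DF4062A3A6E3DD8F 4977DBA10ABE5552070316A6DE8DBDDC3D7ED346 "
    "=== END ==="
)
NOTE_ODT = (
    "Your files are encrypted with RSA-1024 algorithm. To recovery your files you "
    "need to buy our decryptor. To buy decrypting tool contact us at: "
    "saveinfo89@yahoo.com === BEGIN === AD7D6889 010200000168000000A40000BD7DB4E2EBEE1544 "
    "BEB9D99571A8D84A7040F22B0ADB6E3B833BCF2E C5D4F995343F6EDF3093A92CFA8FBD94D168F792 "
    "6C9C083E7B47B200F51447AB4F543AB74F873474 733C6A6C982B49CB40F4DABEB74CB526713A9A6C "
    "28A36B0BAAFED1D100DCDFCD66AE0B46AA71F64C C85D9710D96244EF863BCFEE2A54DB405DC40B30 "
    "=== END ==="
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
BLOCK_RE = re.compile(r"===\s*BEGIN\s*===\s*(.*?)\s*===\s*END\s*===", re.S)

# CryptoAPI constants from wincrypt.h, used only to interpret the blob header
# (assumption: the block is a 4-byte tag followed by a SIMPLEBLOB).
SIMPLEBLOB = 0x01
CUR_BLOB_VERSION = 0x02
CALG_RC4 = 0x00006801
CALG_RSA_KEYX = 0x0000A400


def parse_note(text):
    """Return the contact e-mails and the decoded BEGIN/END block of a note."""
    emails = sorted(set(EMAIL_RE.findall(text)))
    m = BLOCK_RE.search(text)
    if not m:
        raise ValueError("note has no BEGIN/END block")
    hexstr = re.sub(r"\s+", "", m.group(1))
    if len(hexstr) % 2 or not re.fullmatch(r"[0-9A-Fa-f]+", hexstr):
        raise ValueError("BEGIN/END block is not even-length hex")
    return {"emails": emails, "blob": bytes.fromhex(hexstr)}


def describe_blob(blob):
    """Interpret the leading 16 bytes: 4-byte tag + 12-byte SIMPLEBLOB header (assumed layout)."""
    if len(blob) < 16:
        raise ValueError("block too short for tag + BLOBHEADER + ALG_ID")
    tag = blob[:4]
    # BLOBHEADER {bType, bVersion, reserved, aiKeyAlg} then the key-exchange ALG_ID,
    # all little-endian as CryptoAPI writes them.
    btype, bversion, reserved, key_alg, xchg_alg = struct.unpack("<BBHII", blob[4:16])
    return {
        "tag": tag.hex().upper(),
        "is_simpleblob": btype == SIMPLEBLOB and bversion == CUR_BLOB_VERSION and reserved == 0,
        "session_key_alg_is_rc4": key_alg == CALG_RC4,
        "exchange_alg_is_rsa_keyx": xchg_alg == CALG_RSA_KEYX,
        "wrapped_key_bits": (len(blob) - 16) * 8,  # 1024 => one RSA-1024 ciphertext
    }


def common_prefix_len(a, b):
    """Number of leading bytes shared by two blobs (the per-sample header vs the per-file tail)."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    notes = [parse_note(NOTE_ADOBE), parse_note(NOTE_ODT)]
    for n in notes:
        print(n["emails"], len(n["blob"]), describe_blob(n["blob"]))
    print("shared prefix bytes:", common_prefix_len(notes[0]["blob"], notes[1]["blob"]))
```

Run against the two notes, the parser yields one contact address, a 144-byte block per note, and a 16-byte shared prefix; the header fields decode to a version-2 SIMPLEBLOB carrying an RC4 key wrapped by RSA key exchange, with 1024 bits of wrapped key following. If that reading is right, the tail is a per-file (or per-victim) RC4 key encrypted to the attacker's RSA-1024 public key, so the blob is useless without the attacker's private key; the 4-byte tag AD7D6889 is constant across both drops and is the cheapest string to pivot on when hunting for related notes.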

Targets

    • Target

      e972af26d5261da3daa1e12e11f357e1e4ce19cd43997f6b7a925a5b9cc8614c.sample

    • Size

      7KB

    • MD5

      ebbc82f619471384f392efd5c4d05883

    • SHA1

      17d91b45c8615d0f09d1100d2be396cbcba21fde

    • SHA256

      e972af26d5261da3daa1e12e11f357e1e4ce19cd43997f6b7a925a5b9cc8614c

    • SHA512

      3e33bd22c440e9ab4a065d216467c1220780aa2a39a38ea4aec81d050d3e6048e87244341fbeac2cdefebae9fe987b713e0d4fcf34adf1390b5ccda6dd448241

    Score
    10/10
    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (T1012): 1 signature

  • Peripheral Device Discovery (T1120): 1 signature

  • System Information Discovery (T1082): 2 signatures

Tasks