General
-
Target
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample
-
Size
61KB
-
Sample
210726-7kdxb4j7ve
-
MD5
2a66b3b2638dfc5dfcf8aaf825993269
-
SHA1
4e04822d6b8c3087be0550dba96f0c80d84359f8
-
SHA256
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5
-
SHA512
1d63645dc8564057367ed295cb56b0aebdb071b652786d67ae2d9fc0371a034231ace703001bc353b303000fde0c6f9774a120ace83b665964278f8e7127c435
Static task
static1
Behavioral task
behavioral1
Sample
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample.exe
Resource
win10v20210408
Malware Config
Extracted
Path |
C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt |
Family |
hakbit |
Ransom Note | Atention! all your important files were encrypted! to get your files back send 1 Bitcoins and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: torsec1@secmail.pro agarrard@protonmail.com Bitcoin wallet to make the transfer to is: 1F9i1vpfGfKXaUqhhgTmxe9Y2aS8stSGvR1F9i1vpfGfKXaUqhhgTmxe9Y2aS8stSGvR Unique Identifier Key (must be sent to us together with proof of payment): ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ MP20BmgzYCXvImRatoGL+q+WvgnrNvM4H7wmIZQet5imyu8Lk6Ps0IgChbYpAvcV1LlaXRk5l4NIStrUFPszW/5lTfH2CIdAz7VSA/eVWg3qkxG+0hURjLNCnBqJt4WPmQsG4h9VzYPWBCiFOZ7+Gva1ailSHx0Itu2oKOjH4fQbkklXqeVC/FCc3QduTj0MrPgjnK20NYBtqP5DkV5d7jnXNU+eAasZXS0fN3zBariWU8D+BdoQlE/zHz0XseJv3gY47A+4qsGwBp8WxWhr/ICtnISf3luOQ9xjEt1e+TRIAKH7B+OGpbVCexLIy3v/6B59UzAUOJ+zPY/ECxSHQw== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
Emails |
torsec1@secmail.pro agarrard@protonmail.com |
Targets
-
-
Target
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5.sample
-
Size
61KB
-
MD5
2a66b3b2638dfc5dfcf8aaf825993269
-
SHA1
4e04822d6b8c3087be0550dba96f0c80d84359f8
-
SHA256
10dc9cb12580bc99f039b1c084ca6f136047ac4d5555ad90a7b682a2ffac4dc5
-
SHA512
1d63645dc8564057367ed295cb56b0aebdb071b652786d67ae2d9fc0371a034231ace703001bc353b303000fde0c6f9774a120ace83b665964278f8e7127c435
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation