Overview

overview

10

Static

static

10

81e81f0bbb...le.exe

windows7_x64

10

81e81f0bbb...le.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample

  • Size

    416KB

  • Sample

    210726-dkhgywvv6j

  • MD5

    21fa6ebdd397f14bbb68a4e3d012467e

  • SHA1

    0ecff2f818565e7eb28d3a7b7d295459a868e920

  • SHA256

    81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e

  • SHA512

    368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66

Score
10/10
hakbitevasionransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt

Family

hakbit

Ransom Note
Atention! all your important files were encrypted! to get your files back send 0.5 Bitcoin and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: clearcuMc04997@gmail.com. Bitcoin wallet to make the transfer to is: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9 Unique Identifier Key (must be sent to us together with proof of payment): ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ E65AYAK6mjLjNU1PFnH5I2lcWyH7+Uam5gRz5U+/MAa9cu65qn0LA0i7EgjzTYP/hAvrvX8FQXy/JHcfFQOQCHIZVwxuvVBuqfStGZwOjG7FPVnfwYtbPExBtHXJSx+Vvji+sFeJ65jQGn/ah/CsSqtAa2YYDsUCRsxdAHm0gJXRGjLzqfLOSyOl15ebDW5C8WyBIfCxnH6jC0nAPYqfNzr81N4IplZyZu1xxrUpO7XDM1h5C5zJ/1LYeMVsFwSPFU8wyp6HzRwd6d3sLR2E2qq6xLvfFE8jzDp2Xxh1w1TPMXyR/mUYPuX9/PAVbMVH56JkGsTEnBwKMam8l9vuyA== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Number of files that you could have potentially lost forever can be as high as: 116
Emails

clearcuMc04997@gmail.com

Wallets

1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9

Targets

    • Target

      81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample

    • Size

      416KB

    • MD5

      21fa6ebdd397f14bbb68a4e3d012467e

    • SHA1

      0ecff2f818565e7eb28d3a7b7d295459a868e920

    • SHA256

      81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e

    • SHA512

      368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66

    Score
    10/10
    hakbitevasionransomwarespywarestealertrojan

    • Hakbit

      Ransomware which encrypts files using AES, first seen in November 2019.

      ransomwarehakbit

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Disables Task Manager via registry modification

      evasion

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Windows security modification

      evasiontrojan

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks