hakbit

General

Target

81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size

416KB
Sample

210726-dkhgywvv6j
MD5

21fa6ebdd397f14bbb68a4e3d012467e
SHA1

0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256

81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512

368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt

Family

hakbit

Ransom Note

Atention! all your important files were encrypted! to get your files back send 0.5 Bitcoin and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: clearcuMc04997@gmail.com. Bitcoin wallet to make the transfer to is: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9 Unique Identifier Key (must be sent to us together with proof of payment): ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ E65AYAK6mjLjNU1PFnH5I2lcWyH7+Uam5gRz5U+/MAa9cu65qn0LA0i7EgjzTYP/hAvrvX8FQXy/JHcfFQOQCHIZVwxuvVBuqfStGZwOjG7FPVnfwYtbPExBtHXJSx+Vvji+sFeJ65jQGn/ah/CsSqtAa2YYDsUCRsxdAHm0gJXRGjLzqfLOSyOl15ebDW5C8WyBIfCxnH6jC0nAPYqfNzr81N4IplZyZu1xxrUpO7XDM1h5C5zJ/1LYeMVsFwSPFU8wyp6HzRwd6d3sLR2E2qq6xLvfFE8jzDp2Xxh1w1TPMXyR/mUYPuX9/PAVbMVH56JkGsTEnBwKMam8l9vuyA== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Number of files that you could have potentially lost forever can be as high as: 116

Emails

clearcuMc04997@gmail.com

Wallets

1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9

Targets

- Target
  
  81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
- Size
  
  416KB
- MD5
  
  21fa6ebdd397f14bbb68a4e3d012467e
- SHA1
  
  0ecff2f818565e7eb28d3a7b7d295459a868e920
- SHA256
  
  81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
- SHA512
  
  368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66
Score

10^/10

hakbit evasion ransomware spyware stealer trojan
- Hakbit
  Ransomware which encrypts files using AES, first seen in November 2019.
  ransomware hakbit
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Disables Task Manager via registry modification
  evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Windows security modification
  evasion trojan
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2