General
Target: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size: 416KB
Sample: 210726-dkhgywvv6j
MD5: 21fa6ebdd397f14bbb68a4e3d012467e
SHA1: 0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512: 368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66
Static task: static1

Behavioral task: behavioral1
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win7v20210408

Behavioral task: behavioral2
Sample: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample.exe
Resource: win10v20210410
Malware Config (extracted)
Path: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
Family: hakbit
Ransom Note (verbatim): Atention! all your important files were encrypted! to get your files back send 0.5 Bitcoin and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: clearcuMc04997@gmail.com. Bitcoin wallet to make the transfer to is: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9 Unique Identifier Key (must be sent to us together with proof of payment): ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ E65AYAK6mjLjNU1PFnH5I2lcWyH7+Uam5gRz5U+/MAa9cu65qn0LA0i7EgjzTYP/hAvrvX8FQXy/JHcfFQOQCHIZVwxuvVBuqfStGZwOjG7FPVnfwYtbPExBtHXJSx+Vvji+sFeJ65jQGn/ah/CsSqtAa2YYDsUCRsxdAHm0gJXRGjLzqfLOSyOl15ebDW5C8WyBIfCxnH6jC0nAPYqfNzr81N4IplZyZu1xxrUpO7XDM1h5C5zJ/1LYeMVsFwSPFU8wyp6HzRwd6d3sLR2E2qq6xLvfFE8jzDp2Xxh1w1TPMXyR/mUYPuX9/PAVbMVH56JkGsTEnBwKMam8l9vuyA== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Number of files that you could have potentially lost forever can be as high as: 116
Emails: clearcuMc04997@gmail.com
Wallets: 1Kex5QmBGtJLDagn3o2p1yoqyKn2A6EFG9
Targets
Target: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e.sample
Size: 416KB
MD5: 21fa6ebdd397f14bbb68a4e3d012467e
SHA1: 0ecff2f818565e7eb28d3a7b7d295459a868e920
SHA256: 81e81f0bbbdb831eda215033b7a7dbf2eed3812f4e58118f181a8e99e613179e
SHA512: 368e0c8e973f2cf655ea8a69be07b29bc073b2855f6feb9130f5fa8569cfa8d094549ec5d7706c293f8b22ae8bb6ee1b7dd2f4c2d2ccff94e7435e36d966bf66

Signatures
- Disables Task Manager via registry modification
- Modifies extensions of user files (ransomware generally changes the extension on encrypted files)
- Deletes itself
- Enumerates connected drives (attempts to read the root path of hard drives other than the default C: drive)
MITRE ATT&CK Matrix (tactic columns; no techniques were mapped in this report)
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation