General

  • Target

    c1e3d816f6ff804ab7a2d8213699b6a365ff4635b7b6b284519385cc819c51a7.sample

  • Size

    9.6MB

  • Sample

    210726-hz143cgykn

  • MD5

    0042a6b62bf6332b034ab29afcb12297

  • SHA1

    87b5af627e5a752f7009501ef183d6bcf024670d

  • SHA256

    c1e3d816f6ff804ab7a2d8213699b6a365ff4635b7b6b284519385cc819c51a7

  • SHA512

    00e2101953db9059115bbdbabeccff8dbb85473e8bdf263b70f371d0d47952729b64391adbadb561658ae9e974579a2822a97005cfe01667a8a5601def3e0030

Score
10/10

Malware Config

Extracted

Path

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AMT\!_READ_ME_!.txt

Ransom Note
Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: saveinfo89@yahoo.com === BEGIN === AD7D6889 010200000168000000A4000079409C8EDEC2B1CF 3B8A55E5E52A0CE7BFC3A1309AE1DD48B0868C91 64C659EC368B97D476FFD2FC7B81F3E67B264684 3F8E95F54A36F326E1F2C2AEB51796D11211BB84 B02EE6950576D31ECD4A4408240BAA4ACAD539C8 ADB4F29A513DCD5B4318B29AE7CECB09E5B34F51 827A73BD14B314755B57DC237870FD09FE914A33 === END ===
Emails

saveinfo89@yahoo.com

Wallets

3B8A55E5E52A0CE7BFC3A1309AE1DD48B0868C91

3F8E95F54A36F326E1F2C2AEB51796D11211BB84

Extracted

Path

C:\odt\!_READ_ME_!.txt

Ransom Note
Your files are encrypted with RSA-1024 algorithm. To recovery your files you need to buy our decryptor. To buy decrypting tool contact us at: decrypt482@yahoo.com === BEGIN === AD7D6889 010200000168000000A40000BA59DB5467F7A406 3AF2A2199CAB734F44D7908DC8AA10E446A6C3A9 85B8AB32231BA5B87FF122D678147081ED3E6B0D 9C59066EA3748D45171186EDD97DD82D7B066623 605F37F222FC0D81A53ECF3177709A87289B5845 D7571201358DB808D080A45899410673D97DB015 C10074E0C73C3C93522C6A9CDC3319FBDB478A37 === END ===
Emails

decrypt482@yahoo.com

Wallets

3AF2A2199CAB734F44D7908DC8AA10E446A6C3A9

Targets

    • Target

      c1e3d816f6ff804ab7a2d8213699b6a365ff4635b7b6b284519385cc819c51a7.sample (hashes and size as listed under General above)

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

    Query Registry                  T1012    1
    Peripheral Device Discovery     T1120    1
    System Information Discovery    T1082    2
