General

  • Target

    4c51a104fa1bca7b0523fd1998474b74e8893cef48f877e43cef582ec84ab640.sample

  • Size

    15KB

  • Sample

    210726-pc41dq7sds

  • MD5

    2a673709121d05bc57863002f8c62c51

  • SHA1

    3b26393fc5f2c5ae8f088e96a1e79f80273d4947

  • SHA256

    4c51a104fa1bca7b0523fd1998474b74e8893cef48f877e43cef582ec84ab640

  • SHA512

    1dbc7e7bf666f8963abfdb87cc7b131791309123288557152a3e4d30c259b2fcc26a3d52103a14abb7c6f95dbe9fc4fb943d4813719a967976396c4ba321cdbf

Malware Config

Extracted

Path

C:\[HOW TO RECOVER FILES].TXT

Family

prolock

Ransom Note

Your files have been encrypted by ProLock Ransomware using RSA-2048 algorithm.

[.:Nothing personal just business:.]

No one can help you to restore files without our special decryption tool. To get your files back you have to pay the decryption fee in BTC. The final price depends on how fast you write to us.

1. Download TOR browser: https://www.torproject.org/
2. Install the TOR Browser.
3. Open the TOR Browser.
4. Open our website in the TOR browser: ug76vzhn2fujp6of2mjb6rjt4rploqe4q5gr2bkuaiwmzpf7nehzpsqd.onion
5. Login using your ID PPD8535CAAEC677E9FAF

***If you have any problems connecting or using TOR network: contact our support by email chec1kyourf1les@protonmail.com

[You'll receive instructions and price inside]

The decryption keys will be stored for 1 month. We also have gathered your sensitive data. We would share it in case you refuse to pay. Decryption using third party software is impossible. Attempts to self-decrypting files will result in the loss of your data.
Emails

chec1kyourf1les@protonmail.com

URLs

http://ug76vzhn2fujp6of2mjb6rjt4rploqe4q5gr2bkuaiwmzpf7nehzpsqd.onion

Targets

    • ProLock Ransomware

      Rebranded update of PwndLocker first seen in March 2020.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Credential Access

    Credentials in Files (T1081): 1

  • Discovery

    System Information Discovery (T1082): 1

    Remote System Discovery (T1018): 1

  • Collection

    Data from Local System (T1005): 1

Tasks