Overview

overview

10

Static

static

3

Document.exe

windows7_x64

7

Document.exe

windows10_x64

10

Resubmissions

07/09/2022, 19:58

220907-ypwc3achd3 7

03/08/2021, 09:41

210803-sp73xlckl2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Document.exe

  • Size

    14.1MB

  • Sample

    210803-sp73xlckl2

  • MD5

    5210735409235c1aaf674fefddd33e35

  • SHA1

    7c75657618cdeb21eedd587d960a608c4ead60f1

  • SHA256

    053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358

  • SHA512

    e382f86366f1a5dc7f665dd19e48410e69614cced4b5cb2deabec58e4b948906d34df42195010ea3a58e5c63579f042b0b6eb8e2f70c99d9b013d776f098985d

Score
10/10
pyinstallerransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RANSOM_NOTE.txt

Ransom Note
The harddisks of your computer have been encrypted with an Military grade encryption algorithm. There is no way to restore your data without a special key. Only we can decrypt your files! To purchase your key and restore your data, please follow these three easy steps: 1. Email the file called EMAIL_ME.txt at C:\Users\Admin/Desktop/EMAIL_ME.txt to [email protected] 2. You will recieve your personal BTC address for payment. Once payment has been completed, send another email to [email protected] stating "PAID". We will check to see if payment has been paid. 3. You will receive a text file with your KEY that will unlock all your files. IMPORTANT: To decrypt your files, place text file on desktop and wait. Shortly after it will begin to decrypt all files. WARNING: Do NOT attempt to decrypt your files with any software as it is obselete and will not work, and may cost you more to unlcok your files. Do NOT change file names, mess with the files, or run deccryption software as it will cost you more to unlock your files- -and there is a high chance you will lose your files forever. Do NOT send "PAID" button without paying, price WILL go up for disobedience. Do NOT think that we wont delete your files altogether and throw away the key if you refuse to pay. WE WILL.

Targets

    • Target

      Document.exe

    • Size

      14.1MB

    • MD5

      5210735409235c1aaf674fefddd33e35

    • SHA1

      7c75657618cdeb21eedd587d960a608c4ead60f1

    • SHA256

      053e7603d2776f39c17d74cd5a095d2fa4727ce019cb91274c135be4b9732358

    • SHA512

      e382f86366f1a5dc7f665dd19e48410e69614cced4b5cb2deabec58e4b948906d34df42195010ea3a58e5c63579f042b0b6eb8e2f70c99d9b013d776f098985d

    Score
    10/10
    ransomwarespywarestealer

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks