Overview

overview

10

Static

static

10

415321444d...a3.exe

windows7_x64

10

415321444d...a3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    415321444d2ab732e84ff7acb4739e09827ee2fcc748d0fa1d7504bae1d133a3.exe

  • Size

    128KB

  • Sample

    210811-pgc8cvzvlx

  • MD5

    af8c28577e447bb43f80cc81c518d146

  • SHA1

    206f2335b0d7e42553bac9841e67b7f3c8e2d645

  • SHA256

    415321444d2ab732e84ff7acb4739e09827ee2fcc748d0fa1d7504bae1d133a3

  • SHA512

    39d7f007a9b439107140382b19a192ce3ec12824eeda71a62dcbfc97afe7e78fff7f203a86a460b7147c629a67f080db4a087284c30ad9933e6db68e81cd624e

Score
10/10
targetcompanyevasionransomware

Malware Config

Extracted

Path

C:\Users\Admin\How to decrypt files.txt

Family

targetcompany

Ransom Note
Your personal identifier: DF8NMQN4DLD All files on Hellenic Recovery Recycling Corporation SA network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. In addition, we have ~170 gb of data from your network. We can see your partners and if you don't get in contact, we will let them know that you were the source of the data leak. We are aware of the strictness of the European data protection law (GPRD) and we are sure that you are not interested in publishing it. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam. �
URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Targets

    • Target

      415321444d2ab732e84ff7acb4739e09827ee2fcc748d0fa1d7504bae1d133a3.exe

    • Size

      128KB

    • MD5

      af8c28577e447bb43f80cc81c518d146

    • SHA1

      206f2335b0d7e42553bac9841e67b7f3c8e2d645

    • SHA256

      415321444d2ab732e84ff7acb4739e09827ee2fcc748d0fa1d7504bae1d133a3

    • SHA512

      39d7f007a9b439107140382b19a192ce3ec12824eeda71a62dcbfc97afe7e78fff7f203a86a460b7147c629a67f080db4a087284c30ad9933e6db68e81cd624e

    Score
    10/10
    targetcompanyevasionransomware

    • TargetCompany

      Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.

      ransomwaretargetcompany

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks