Resubmissions

26/09/2022, 11:58

220926-n45j6safg8 8

26/09/2022, 11:52

220926-n13leabhaq 8

28/08/2021, 13:15

210828-154l63lwp2 10

General

  • Target

    gerjjkrkjjk33.exe

  • Size

    492KB

  • Sample

    210828-154l63lwp2

  • MD5

    e530cbe69e8f66f8a8560ad9f31bfdf3

  • SHA1

    f72ca49a000436158abb13902e4b5a864729723a

  • SHA256

    9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b

  • SHA512

    96d75cf5556c4f0ba356edbc62f60b81ee45347bd9a73a93553eba511af62b725f31cf2df3cb5530d6e50ce344dd41a7bf9adbf377627228166e718ee46d24af

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\IMPORTANT.txt

Ransom Note

!! sanwaiWARE !! YOUR FILES HAVE BEEN ENCRYPTED. THE ONLY WAY TO GET THEM BACK IS BY MAKING PAYMENT. TO GET YOUR FILES BACK, YOU MUST: - SEND 0.002077 BITCOIN TO bc1qjp5suqqk52fmlu0xa3vzfl34l3ghhp9v55drm6 * MAKE SURE YOU COVER THE FEES AND SEND THE EXACT AMOUNT TO THE ADDRESS! ONCE THE PAYMENT IS MADE, OPEN DECRYPTOR FILE ON DESKTOP AND YOU WILL HAVE ACCESS TO ALL OF YOUR FILES AGAIN, AND THIS WILL NOT HAPPEN AGAIN sanwaiWare 2021

Wallets

bc1qjp5suqqk52fmlu0xa3vzfl34l3ghhp9v55drm6

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\IMPORTANT.html

Ransom Note

sanwaiWare 2021 Your files have been encrypted. Send 0.002077 BITCOIN to bc1qjp5suqqk52fmlu0xa3vzfl34l3ghhp9v55drm6 Once you have sent payment, open the Decryptor on your Desktop. Attempting to reverse will result in your files being lost forever. You have (48) hours from initial notice to make payment. If payment is not made within the time frame, your files will be deleted.

Wallets

bc1qjp5suqqk52fmlu0xa3vzfl34l3ghhp9v55drm6

Targets

    • Target

      gerjjkrkjjk33.exe

    • Size

      492KB

    • MD5

      e530cbe69e8f66f8a8560ad9f31bfdf3

    • SHA1

      f72ca49a000436158abb13902e4b5a864729723a

    • SHA256

      9d6a780c9d7d1b3d95717fda1f4b388aef2d7282884b0c84714e3755dbabb71b

    • SHA512

      96d75cf5556c4f0ba356edbc62f60b81ee45347bd9a73a93553eba511af62b725f31cf2df3cb5530d6e50ce344dd41a7bf9adbf377627228166e718ee46d24af

    • Executes dropped EXE

    • Stops running service(s)

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user information.

MITRE ATT&CK Enterprise v6

Tasks