tongda | 85b3feab4909c92206c42bcfda5ccc3fac3e4c083dfedf1ec6fa62f446ab78dd

General

Target

85b3feab4909c92206c42bcfda5ccc3fac3e4c083dfedf1ec6fa62f446ab78dd.exe
Size

2.9MB
Sample

210907-q7tyysfhfp
MD5

2afaaba149d078aee64dfc7f979400f0
SHA1

d771c3660ff7f370d9daea55a397b0d9e3d6ba26
SHA256

85b3feab4909c92206c42bcfda5ccc3fac3e4c083dfedf1ec6fa62f446ab78dd
SHA512

5333e86582435b4341c32f701adb75b7356026118292bd59c84807ac27b1099ddd0fe56b840b8e0a3feca60835b05b1e1af2cebb53d557f11213ecf9d46ff7bf

Score

10^/10

Malware Config

Extracted

Path

C:\readme_readme_readme.txt

Family

tongda

Ransom Note

send 0.3 bitcoin to 12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p screenchot and key send to [email protected] and [email protected] key:Q+OmTXJ/v7xwxCzseawcqw+GMBS9xeQsZo/Ltnp7bsxfSZFEOOcSAx7vqbDfT0D2D2zpDmW0m8EBBRQjZ0l9C9Z1kUjdPNwwjGbF6sNZ7arrwJe7bPqGV+jez+s4fC04TUlyYkfLY7RmVzKW1peNNuABez/YuKH2mgO5FEgfDO+sN0LCuysJC6gwE3hgNKPVnlUArAD+A1hTuaFPvm2oXlCsmYY8++mTBVCIhx77FOsEqbqRDWhz0VI5+pVQn8j9tfIRbYvpfdhCiDSOtR3YAaqemDe0zW90PUGlaBenB+wkyxkvQQxdLn+wyQMF/0Yq7uCDkCMiHCSeJcxx8yiPDw==

Emails

[email protected]

Wallets

12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p

Extracted

Path

C:\readme_readme_readme.txt

Family

tongda

Ransom Note

send 0.3 bitcoin to 12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p screenchot and key send to [email protected] and [email protected] key:BT1082HUpW7vxiresIjSNKnMdfPfwsBYw4O9j85uRe83rtGv8HDVYxCl7LDY9s20q6ggJKcgqnf6i5T4RVpJNNImUkvl0BpplF8XtIKsP1LTYPgs7EEan6kELnxy859bxSWvHCJ2bKXcoHl3Zvy1ZD1ESSW1FjfeqvNadoANWBtVK5Wn4Q02Gpu76z5k3oi8QEIpG5nZjUAlTR3wqSfOHjWx6I6mrVqAxrHUZkjLKeuKzo1Bvitd6YjjcJJHMAM0NvSe2plwLgF8EXderc0Rt4H5K0mdPhVmWk7E0nAAhYGrve/M4pVBQs+VZ4ChSixQryGEn+3cJMdG6+5F7HvarA==

Emails

[email protected]

Wallets

12ZsBrX4UTsdjJbx84GcPFGEQaKMyYU29p

Targets

- Target
  
  85b3feab4909c92206c42bcfda5ccc3fac3e4c083dfedf1ec6fa62f446ab78dd.exe
- Size
  
  2.9MB
- MD5
  
  2afaaba149d078aee64dfc7f979400f0
- SHA1
  
  d771c3660ff7f370d9daea55a397b0d9e3d6ba26
- SHA256
  
  85b3feab4909c92206c42bcfda5ccc3fac3e4c083dfedf1ec6fa62f446ab78dd
- SHA512
  
  5333e86582435b4341c32f701adb75b7356026118292bd59c84807ac27b1099ddd0fe56b840b8e0a3feca60835b05b1e1af2cebb53d557f11213ecf9d46ff7bf
Score

10^/10

tongda ransomware spyware stealer
- Tongda 2000
  Ransomware targetting the Chinese office management software Tongda OA.
  ransomware tongda
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Tongda 2000

Modifies extensions of user files

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2