HotCoffeeRansomware.exe

General
Target

HotCoffeeRansomware.exe

Size

776KB

Sample

210927-qlaceshagr

Score

10/10
MD5

c054c0f03277f7f0bdad9350fa3d5c2d

SHA1

752071b548bb3a4c45c91174fcf5cf95ce99638a

SHA256

546f3a70ab029ad78105f1b7cf581038362cfbb3c7120326075552d72656ec98

SHA512

783a02a18f15c80c21cb08b9822ab02c0f62a11340edbbc44a364db9d820bda795db086f843ed3c2597d86c2933dc531ebdaa2ab3fc97e3f5e18aa3c437f6576

Malware Config

Extracted

Path C:\Users\Admin\Desktop\HOT_COFFEE_README.hta
Ransom Note
GIVE ME HOT COFFEE You have been bamboozled by the hot coffee ransomware. Your files have been encrypted using military grade encryption and only we have the decryption key. If you want to get your files back you need to pay a ransom of 1 large long black with an extra espresso shot. Email EMAIL@protonmail.com for further instructions. You have 7 days to pay or else.
Emails

EMAIL@protonmail.com

Targets
Target

HotCoffeeRansomware.exe


Tags

Signatures

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local System
    Credentials in Files

Related Tasks

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 7/10