Resubmissions

28-09-2021 20:55

210928-zqxg7adaf7 10

18-09-2021 09:16

210918-k8f6lahbf4 10

General

  • Target

    093f098e70cc57a17d02323cbe6cd484

  • Size

    78KB

  • Sample

    210928-zqxg7adaf7

  • MD5

    093f098e70cc57a17d02323cbe6cd484

  • SHA1

    134239f63291d00a604e619ffafb0bf3a05e5a80

  • SHA256

    ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1

  • SHA512

    6ff0dc0e19c1fd716065e7c2ddf7081f7ece50925f6cedbfc8f2e3595c66ba408678958cd7b6ec0a5fcf2e82c13cef94f8f5d6ea805f9e707b292f6eb97e9403

Malware Config

Extracted

Path

C:\Help Restore Your Files.txt

Ransom Note
ATTENTION! Don't worry, you can return all your files! All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you Delta Plus 2.3. This software will decrypt all your encrypted files. What guarantees you have? Payment can be made in Bitcoin only. Contact: decryptdelta@gmail.com Bitcoin Address: 3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs 1. Decoding cost The cost of decryption is $6500 dollars USD. We receive payment only in BITCOINS. (Bitcoin is a form of digital currency) Discount 50% available if you contact us first 72 hours, that's price for you is $3250 dollars USD. 2. Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible. 3. Free decryption as guarantee You can send us up to 1 file for free decryption. Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files. Remember this. 4. Decryption process: To decrypt the files, transfer money to our bitcoin wallet number: "3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs". As we receive the money we will send you: 1. Decryption program. 2. Detailed instruction for decryption. 3. And individual keys for decrypting your files. 5. The process of buying bitcoins: The easiest way to buy bitcoins: https://bitfy.app/ https://localbitcoins.com/ https://www.bitpanda.com/ https://paxful.com/ https://www.abra.com/ IMPORTANT! Don`t use coinbase! it take more than 2 week to make coinbase verification. P.S. The easiest way to buy bitcoins in CHINA: https://www.huobi.com/ https://www.bitoex.com/
Emails

decryptdelta@gmail.com

Wallets

3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs

URLs

https://bitfy.app/

https://www.bitpanda.com/

https://paxful.com/

https://www.abra.com/

https://www.huobi.com/

https://www.bitoex.com/

Targets

    Score
    10/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

File Deletion

2
T1107

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Impact

Inhibit System Recovery

2
T1490

Tasks