General
Target

093f098e70cc57a17d02323cbe6cd484

Size

78KB

Sample

210928-zqxg7adaf7

Score

10/10

MD5

093f098e70cc57a17d02323cbe6cd484

SHA1

134239f63291d00a604e619ffafb0bf3a05e5a80

SHA256

ae6020a06d2a95cbe91b439f4433e87d198547dec629ab0900ccfe17e729cff1

SHA512

6ff0dc0e19c1fd716065e7c2ddf7081f7ece50925f6cedbfc8f2e3595c66ba408678958cd7b6ec0a5fcf2e82c13cef94f8f5d6ea805f9e707b292f6eb97e9403

Malware Config

Extracted

Path

C:\Help Restore Your Files.txt

Ransom Note

ATTENTION!
Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you Delta Plus 2.3.
This software will decrypt all your encrypted files.
What guarantees you have?
Payment can be made in Bitcoin only.
Contact: decryptdelta@gmail.com
Bitcoin Address: 3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs

1. Decoding cost
The cost of decryption is $6500 dollars USD. We receive payment only in BITCOINS. (Bitcoin is a form of digital currency)
Discount 50% available if you contact us first 72 hours, that's price for you is $3250 dollars USD.

2. Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Do not trust anyone! Only we have keys to your files! Without this keys restore your data is impossible.

3. Free decryption as guarantee
You can send us up to 1 file for free decryption.
Size of file must be less than 1 Mb (non archived). We don`t decrypt for test DATABASE, XLS and other important files. Remember this.

4. Decryption process:
To decrypt the files, transfer money to our bitcoin wallet number: "3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs". As we receive the money we will send you:
1. Decryption program.
2. Detailed instruction for decryption.
3. And individual keys for decrypting your files.

5. The process of buying bitcoins:
The easiest way to buy bitcoins:
https://bitfy.app/
https://localbitcoins.com/
https://www.bitpanda.com/
https://paxful.com/
https://www.abra.com/
IMPORTANT! Don`t use coinbase! it take more than 2 week to make coinbase verification.
P.S. The easiest way to buy bitcoins in CHINA:
https://www.huobi.com/
https://www.bitoex.com/

Emails

decryptdelta@gmail.com

Wallets

3JG36KY6abZTnHBdQCon1hheC3Wa2bdyqs

URLs

https://bitfy.app/

https://www.bitpanda.com/

https://paxful.com/

https://www.abra.com/

https://www.huobi.com/

https://www.bitoex.com/

Targets
Target

093f098e70cc57a17d02323cbe6cd484

Signatures

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    TTPs

    File Deletion, Inhibit System Recovery
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query Registry, Peripheral Device Discovery, System Information Discovery

MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

Score

10/10

behavioral1

Score

10/10

behavioral2

Score

10/10