Malware sandboxing report by Hatching Triage

Sharing

Copy URL

Twitter E-mail

General

Target

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
Size

128KB
Sample

211128-ff255sfhgj
MD5

99e949ddd57dbc19457eba5f235516f3
SHA1

99f9270e85ec53b8dada459279d30e8b169462c1
SHA256

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
SHA512

4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: BRD454A21JS All files on BRG Precision Products network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. In addition, we downloaded about 100 gb of data from your network. We will publish the data if you do not negotiate with us. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam. �

URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Targets

- Target
  
  e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
- Size
  
  128KB
- MD5
  
  99e949ddd57dbc19457eba5f235516f3
- SHA1
  
  99f9270e85ec53b8dada459279d30e8b169462c1
- SHA256
  
  e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b
- SHA512
  
  4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41
Score

10^/10

targetcompany evasion ransomware
- TargetCompany
  Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

File Deletion

T1107

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Execution

Exfiltration

Impact

Inhibit System Recovery

T1490

Initial Access

Lateral Movement

Persistence

Privilege Escalation

Tasks

Sharing

General

Malware Config

Extracted

Targets

TargetCompany

Deletes shadow copies

Modifies boot configuration data using bcdedit

Modifies extensions of user files

Deletes itself

Enumerates connected drives

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2