General
Target

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

Size

128KB

Sample

211128-ff255sfhgj

Score
10/10
MD5

99e949ddd57dbc19457eba5f235516f3

SHA1

99f9270e85ec53b8dada459279d30e8b169462c1

SHA256

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

SHA512

4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41

Malware Config

Extracted

Path

C:\Users\Admin\How to decrypt files.txt

Family

targetcompany

Ransom Note
Your personal identifier: BRD454A21JS All files on BRG Precision Products network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. In addition, we downloaded about 100 gb of data from your network. We will publish the data if you do not negotiate with us. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam. �
URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Targets
Target

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

MD5

99e949ddd57dbc19457eba5f235516f3

Filesize

128KB

Score
10/10
SHA1

99f9270e85ec53b8dada459279d30e8b169462c1

SHA256

e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

SHA512

4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41

Tags

Signatures

  • TargetCompany

    Description

    Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.

    Tags

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    Tags

    TTPs

    File DeletionInhibit System Recovery
  • Modifies boot configuration data using bcdedit

    Tags

    TTPs

    Inhibit System Recovery
  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

    Tags

  • Deletes itself

  • Enumerates connected drives

    Description

    Attempts to read the root path of hard drives other than the default C: drive.

    TTPs

    Query RegistryPeripheral Device DiscoverySystem Information Discovery

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Initial Access
              Lateral Movement
                Persistence
                  Privilege Escalation
                    Tasks

                    static1

                    Score
                    10/10

                    behavioral1

                    Score
                    10/10

                    behavioral2

                    Score
                    10/10