General
-
Target
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db.bin
-
Size
628KB
-
Sample
211224-nbz4zscher
-
MD5
68d717aaa4ca93f1799f5e602553b7e9
-
SHA1
3ce06540d62a722513145bbd346cdb223ddb17c7
-
SHA256
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db
-
SHA512
e37f2dd5f8110ce6928be726016427216e978fbc2beebdbae2c6f1d1e4454901e260cac4e335358d6c1d44a7abf42bf2f6edaf87264665fed778f03a515a9f26
Static task
static1
Behavioral task
behavioral1
Sample
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db.bin.exe
Resource
win7-en-20211208
Behavioral task
behavioral2
Sample
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db.bin.exe
Resource
win10-en-20211208
Malware Config
Extracted
mespinoza
-
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
-
-
Target
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db.bin
-
Size
628KB
-
MD5
68d717aaa4ca93f1799f5e602553b7e9
-
SHA1
3ce06540d62a722513145bbd346cdb223ddb17c7
-
SHA256
f602319a51dfad374687a6d18f87c9f8e7b9cab956a4993c2ed83e7adad6e2db
-
SHA512
e37f2dd5f8110ce6928be726016427216e978fbc2beebdbae2c6f1d1e4454901e260cac4e335358d6c1d44a7abf42bf2f6edaf87264665fed778f03a515a9f26
Score10/10-
Mespinoza Ransomware
Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-