General
-
Target
44f1def68aef34687bfacf3668e56873f9d603fc6741d5da1209cc55bdc6f1f9.bin
-
Size
500KB
-
Sample
211224-ncj46achfm
-
MD5
6db85bacef3cac6deb69911af522e2b7
-
SHA1
6aa7b2744a7e3975f0dff3672ec633b687ef5fbd
-
SHA256
44f1def68aef34687bfacf3668e56873f9d603fc6741d5da1209cc55bdc6f1f9
-
SHA512
7fbeb7cd7c09eb758e7dbbbe388e742a4d4a5e2933edcc3c0d57d4225918a5b9ac8259ebfcd71ae588e3b459aa5fa2ad8efad635ebc86f271cae7d272e1f8361
Malware Config
Extracted
mespinoza
-
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] [email protected] [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
-
-
Target
44f1def68aef34687bfacf3668e56873f9d603fc6741d5da1209cc55bdc6f1f9.bin
-
Size
500KB
-
MD5
6db85bacef3cac6deb69911af522e2b7
-
SHA1
6aa7b2744a7e3975f0dff3672ec633b687ef5fbd
-
SHA256
44f1def68aef34687bfacf3668e56873f9d603fc6741d5da1209cc55bdc6f1f9
-
SHA512
7fbeb7cd7c09eb758e7dbbbe388e742a4d4a5e2933edcc3c0d57d4225918a5b9ac8259ebfcd71ae588e3b459aa5fa2ad8efad635ebc86f271cae7d272e1f8361
Score10/10-
Mespinoza Ransomware
Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-