targetcompany

General

Target

ConsoleApp7.exe
Size

53KB
Sample

211231-keqg6sggb4
MD5

b2993b2a7a1edba14742564de7e85cb2
SHA1

cf7f1085978128cc082aec921d34d6d25e4ab19b
SHA256

800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
SHA512

a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\RECOVERY INFORMATION.txt

Ransom Note

YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: recohelper@cock.li mallox@tutanota.com YOUR PERSONAL ID: 77A2C588DF7F �

Emails

recohelper@cock.li

mallox@tutanota.com

Extracted

Path

C:\$Recycle.Bin\RECOVERY INFORMATION.txt

Ransom Note

YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: recohelper@cock.li mallox@tutanota.com YOUR PERSONAL ID: 5E723FBCF56B �

Emails

recohelper@cock.li

mallox@tutanota.com

Targets

- Target
  
  ConsoleApp7.exe
- Size
  
  53KB
- MD5
  
  b2993b2a7a1edba14742564de7e85cb2
- SHA1
  
  cf7f1085978128cc082aec921d34d6d25e4ab19b
- SHA256
  
  800b4455105a08833332092017909f9dd47bd4ebfb1cbddbe0b95658d03b8d64
- SHA512
  
  a64951f5026a2f3bb01652bae0267b1d4b88b017a64208bb2e556a755a44e86eab0df33d43e759defe4caefc30693099b74fa1ebac90ff323ac2e555f51d892a
Score

10^/10

targetcompany discovery evasion ransomware
- TargetCompany
  Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- TargetCompany Payload
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Nirsoft
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Modifies service settings
  Alters the configuration of existing services.
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Modifies file permissions
  discovery
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2