targetcompany

General

Target

7e6cd2bf820d81c9389c549cfe482bcdb1b57c5f39d53b63cd1efb79699e7ae6.bin
Size

75KB
Sample

220105-n2wjgsaegq
MD5

a765dbcbac57a712e2eb748fe6fd5e7c
SHA1

59c51f9d5f699b6aa6b3e37fcd93da87ce79d815
SHA256

7e6cd2bf820d81c9389c549cfe482bcdb1b57c5f39d53b63cd1efb79699e7ae6
SHA512

9ab1aa09e965014b56aadeddbe38b44de343942857431b6490a53b143b9232f6da3415d6245ee774a35538196ad000c66fdc673db98fb84bd7615af04a7e1a8c

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\RECOVERY INFORMATION.txt

Ransom Note

YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: recohelper@cock.li mallox@tutanota.com YOUR PERSONAL ID: 558B95374764 �

Emails

recohelper@cock.li

mallox@tutanota.com

Extracted

Path

C:\$Recycle.Bin\RECOVERY INFORMATION.txt

Ransom Note

YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: recohelper@cock.li mallox@tutanota.com YOUR PERSONAL ID: 0630D6481BAD �

Emails

recohelper@cock.li

mallox@tutanota.com

Targets

- Target
  
  7e6cd2bf820d81c9389c549cfe482bcdb1b57c5f39d53b63cd1efb79699e7ae6.bin
- Size
  
  75KB
- MD5
  
  a765dbcbac57a712e2eb748fe6fd5e7c
- SHA1
  
  59c51f9d5f699b6aa6b3e37fcd93da87ce79d815
- SHA256
  
  7e6cd2bf820d81c9389c549cfe482bcdb1b57c5f39d53b63cd1efb79699e7ae6
- SHA512
  
  9ab1aa09e965014b56aadeddbe38b44de343942857431b6490a53b143b9232f6da3415d6245ee774a35538196ad000c66fdc673db98fb84bd7615af04a7e1a8c
Score

10^/10

targetcompany evasion persistence ransomware
- Modifies WinLogon for persistence
  persistence
- TargetCompany
  Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- TargetCompany Payload
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Modifies service settings
  Alters the configuration of existing services.
  evasion
- Stops running service(s)
  evasion
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2