General
-
Target
scvhost.exe
-
Size
500KB
-
Sample
220113-wgrc2abhgp
-
MD5
e04becb4c8ff826e5e5aa305dee074bc
-
SHA1
07bf49663c9c76e4a468a98f2fe3a55977432a39
-
SHA256
5fa8c4ab6dc45672099078277903cce8e86ae1e310f24a0dd9862166e3c0e30c
-
SHA512
cb4c086df9395d1ebc68cc576d241e584c454e45db5365ed2196f0529cb6c2cad70b0f061e7fced4d980f10aabf8829f6e69602be8e086f73d9c1aa7d4d48fa2
Static task
static1
Behavioral task
behavioral1
Sample
scvhost.exe
Resource
win7-en-20211208
Malware Config
Extracted
mespinoza
-
ransomnote
Hi Company, Every byte on any types of your devices was encrypted. Don't try to use backups because it were encrypted too. To get all your data back contact us: [email protected] Also, be aware that we downloaded files from your servers and in case of non-payment we will be forced to upload them on our website, and if necessary, we will sell them on the darknet. Check out our website, we just posted there new updates for our partners: http://pysa2bitc5ldeyfak4seeruqymqs4sj5wt5qkcq7aoyg4h2acqieywad.onion/ To go to our site you have to use TOR Browser. Download link: https://www.torproject.org/download/ -------------- FAQ: 1. Q: How can I make sure you don't fooling me? A: You can send us 2 files(max 2mb). 2. Q: What to do to get all data back? A: Don't restart the computer, don't move files and write us. 3. Q: What if I have no response? A: Wait and we will answer you in 24 hours. 4. Q: What to tell my boss? A: Protect Your System Amigo.
Targets
-
-
Target
scvhost.exe
-
Size
500KB
-
MD5
e04becb4c8ff826e5e5aa305dee074bc
-
SHA1
07bf49663c9c76e4a468a98f2fe3a55977432a39
-
SHA256
5fa8c4ab6dc45672099078277903cce8e86ae1e310f24a0dd9862166e3c0e30c
-
SHA512
cb4c086df9395d1ebc68cc576d241e584c454e45db5365ed2196f0529cb6c2cad70b0f061e7fced4d980f10aabf8829f6e69602be8e086f73d9c1aa7d4d48fa2
Score10/10-
Mespinoza Ransomware
Also known as Pysa. Ransomware-as-a-servoce which first appeared in 2020.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-