Resubmissions

10-02-2022 19:35

220210-yal6vaagdn 10

25-01-2022 13:43

220125-q1geaaghd5 10

General

  • Target

    Ransom.exe

  • Size

    127KB

  • Sample

    220125-q1geaaghd5

  • MD5

    1f6297d8f742cb578bfa59735120326b

  • SHA1

    ff6eca213cad5c2a139fc0dc0dc6a8e6d3df7b17

  • SHA256

    3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673

  • SHA512

    f9ade063be2ae5861248472aff857b2e0506d4705ff779972ade7482bb7797521338dd9a842f048d5ba1697719b22a3ba596370c37f4352a2527dbe1997edfd1

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\RECOVERY INFORMATION.txt

Ransom Note
YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: newexploit@tutanota.com YOUR PERSONAL ID: DBDBBB172FDE
Emails

newexploit@tutanota.com

Extracted

Path

C:\Program Files\RECOVERY INFORMATION.txt

Ransom Note
YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: newexploit@tutanota.com YOUR PERSONAL ID: A27D7F56E433
Emails

newexploit@tutanota.com

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Defense Evasion

  • File Deletion (T1107): 2

Discovery

  • Query Registry (T1012): 1

  • Peripheral Device Discovery (T1120): 1

  • System Information Discovery (T1082): 2

Impact

  • Inhibit System Recovery (T1490): 3

Tasks