36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6

General

Target

kings.exe
Size

72KB
Sample

220126-2aezbabbfq
MD5

5c754da92f7301dc2e44c65df7c2f0ca
SHA1

13fb3bcb9bceb9b8448004b650b37968df84eb70
SHA256

36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6
SHA512

13a2eb67b9e401bf2b61bb0e91fee87cbbf08aa9c05ad58b49914c43ba0c86980a8360bb93ec843ef729a08d74357cd5dcac30ac9d2343b64285d32be9ab23b6

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\RestoreFiles.txt

Ransom Note

Hello, friends! Your system has been compromised by our team.We have blocked your files and also uploaded useful data from your computers(doc, docx, pdf, xls and other office extensions) to our servers. You have 2 days to contact us to discuss the terms of payment for our services to restore your files.If you do not contact us or refuse to pay, we will place your stolen files in the public domain. Do not change the file namesand extensions.Do not try to decrypt the files yourself, they are encrypted using a good encryption algorithm. Main Mail: [email protected] Backup mail(if we don't reply 24 hours): [email protected] At the first contact, you can write to both emails for reliability.

Emails

[email protected]

Targets

- Target
  
  kings.exe
- Size
  
  72KB
- MD5
  
  5c754da92f7301dc2e44c65df7c2f0ca
- SHA1
  
  13fb3bcb9bceb9b8448004b650b37968df84eb70
- SHA256
  
  36e4a3de5c4395d295bdf1d70a215d9669b626c58083ec2d8ab29513830faaa6
- SHA512
  
  13a2eb67b9e401bf2b61bb0e91fee87cbbf08aa9c05ad58b49914c43ba0c86980a8360bb93ec843ef729a08d74357cd5dcac30ac9d2343b64285d32be9ab23b6
Score

10^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2