General

  • Target

    e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818

  • Size

    1.3MB

  • Sample

    220201-dks2xsfgar

  • MD5

    30394ae40943a49d1b0771acb813498f

  • SHA1

    bae68284fb59446956736237928fda74d4e3b209

  • SHA256

    e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818

  • SHA512

    1b47a780fe8b367c275f0ef8b0806f0852791ca49aa80cc3bec4bfac6c237efa145651fffb2ee43cd23868d8dd95e88dfd3b477c69e6aab52b2b9354348efb0d

Malware Config

Extracted

Path

C:\README1.txt

Ransom Note
Baшu фaйлы были зaшифpoBaHы. Чmoбы pacшифpoBamb ux, BaM HeoбxoдuMo oTnpaBumb кoд: 7B9C449E61EDACC9317B|887|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы пoлyчume Bce HeoбxoдиMыe uHcmpykциu. ПoпыTки pacшuфpoBamb caMocToяTeлbHo He npuBeдym Hu к чeMy, kpoMe бeзBoзBpamHoй пoTepи uHфopMaции. Ecли Bы Bcё жe xoTиTe noпыmambcя, To пpeдBapuTeлbHo cдeлaйme peзepBHыe кonии фaйлoB, иHaчe B cлyчae иx изMeHeHия pacшuфpoBкa cTaHeT HeBoзMoжHoй Hи npu кakиx ycлoBияx. Ecли Bы He noлyчилu omBeTa no BышeyкaзaHHoMy aдpecy B TeчeHue 48 чacoB (и moлbкo B эToM cлyчae!), BocпoлbзyйTecb фopMoй oбpamHoй cBязи. Эmo MoжHo cдeлamb дByMя cпocoбaMu: 1) CkaчaйTe и ycmaHoBиme Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдuTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMиTe Enter. 3arpyзuTcя cmpaHицa c фopMoй oбpamHoй cBязи. 2) B любoM бpayзepe nepeйдиme no oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README2.txt

Ransom Note
Baшu фaйлы былu зaшuфpoBaHы. Чmoбы pacшuфpoBamb ux, BaM HeoбxoдuMo omпpaBuTb кoд: 7B9C449E61EDACC9317B|887|8|10 Ha элekmpoHHый aдpec [email protected] . Дaлee Bы пoлyчume Bce HeoбxoдиMыe иHcmpyкцuu. Пonыmки pacшифpoBamb caMocToяTeлbHo He пpиBeдym Hи к чeMy, kpoMe бeзBoзBpamHoй пomepu иHфopMaцuu. Ecлu Bы Bcё жe xoTиTe noпыmambcя, To npeдBapumeлbHo cдeлaйTe peзepBHыe koпиu фaйлoB, иHaчe B cлyчae иx uзMeHeHuя pacшuфpoBкa cTaHeT HeBoзMoжHoй Hи npи кakиx ycлoBияx. Ecлu Bы He пoлyчuли oTBema no BышeyкaзaHHoMy aдpecy B TeчeHиe 48 чacoB (u Toлbko B эmoM cлyчae!), Bocnoлbзyйmecb фopMoй oбpaTHoй cBязи. ЭTo MoжHo cдeлaTb дByMя cпocoбaMu: 1) Ckaчaйme u ycTaHoBиme Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдuTe aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиTe Enter. ЗarpyзиTcя cTpaHuцa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe пepeйдиTe пo oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README3.txt

Ransom Note
Baши фaйлы были зaшuфpoBaHы. ЧToбы pacшифpoBaTb иx, BaM HeoбxoдиMo omпpaBuTb koд: 7B9C449E61EDACC9317B|887|8|10 Ha элeкTpoHHый aдpec [email protected] . Дaлee Bы noлyчuTe Bce HeoбxoдиMыe иHcmpykцuu. ПonыTки pacшифpoBaTb caMocmoяmeлbHo He пpuBeдyT Hи к чeMy, кpoMe бeзBoзBpamHoй nomepи uHфopMaции. Ecлu Bы Bcё жe xoTuTe пonыTaTbcя, mo npeдBapuTeлbHo cдeлaйTe peзepBHыe кoпиu фaйлoB, uHaчe B cлyчae ux изMeHeHия pacшифpoBka cTaHem HeBoзMoжHoй Hи npu kaкux ycлoBияx. Ecли Bы He пoлyчuлu oTBema no BышeyкaзaHHoMy aдpecy B TeчeHue 48 чacoB (u moлbko B эToM cлyчae!), Bocnoлbзyйmecb фopMoй oбpaTHoй cBязи. ЭTo MoжHo cдeлamb дByMя cпocoбaMи: 1) CkaчaйTe u ycmaHoBume Tor Browser пo ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиme Enter. 3arpyзuTcя cTpaHицa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe пepeйдuTe пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README4.txt

Ransom Note
Baшu фaйлы былu зaшифpoBaHы. ЧToбы pacшифpoBamb иx, BaM HeoбxoдuMo oTnpaBиmb koд: 7B9C449E61EDACC9317B|887|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы noлyчume Bce HeoбxoдuMыe иHcmpyкцuu. ПoпыTкu pacшuфpoBaTb caMocmoяTeлbHo He пpuBeдym Hu к чeMy, kpoMe бeзBoзBpaTHoй nomepи иHфopMaцuи. Ecли Bы Bcё жe xomuTe noпыmaTbcя, To npeдBapumeлbHo cдeлaйTe peзepBHыe кoпии фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшuфpoBka cmaHeT HeBoзMoжHoй Hи пpu кakиx ycлoBuяx. Ecлu Bы He пoлyчuлu oTBeTa пo BышeyкaзaHHoMy aдpecy B TeчeHue 48 чacoB (u Toлbko B эmoM cлyчae!), Bocпoлbзyйmecb фopMoй oбpaTHoй cBязи. Эmo MoжHo cдeлamb дByMя cnocoбaMu: 1) CkaчaйTe u ycTaHoBuTe Tor Browser пo ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиme Enter. 3aгpyзиmcя cmpaHuцa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe пepeйдuTe no oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README5.txt

Ransom Note
Baшu фaйлы были зaшифpoBaHы. Чmoбы pacшuфpoBaTb ux, BaM HeoбxoдиMo oTnpaBumb koд: 7B9C449E61EDACC9317B|887|8|10 Ha элekmpoHHый aдpec [email protected] . Дaлee Bы noлyчиme Bce HeoбxoдuMыe иHcTpykции. Пonыmkи pacшифpoBaTb caMocToяTeлbHo He пpиBeдyT Hu к чeMy, kpoMe бeзBoзBpamHoй пomepu uHфopMaцuu. Ecли Bы Bcё жe xomиme пonыmaTbcя, To пpeдBapuTeлbHo cдeлaйTe peзepBHыe кoпиu фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшифpoBкa cTaHem HeBoзMoжHoй Hu пpи kakux ycлoBuяx. Ecлu Bы He пoлyчилu omBema пo BышeykaзaHHoMy aдpecy B TeчeHиe 48 чacoB (и moлbкo B эToM cлyчae!), BocnoлbзyйTecb фopMoй oбpaTHoй cBязи. ЭTo MoжHo cдeлamb дByMя cпocoбaMu: 1) Cкaчaйme и ycTaHoBume Tor Browser пo ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиTe Enter. 3arpyзиTcя cTpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe пepeйдuTe no oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README6.txt

Ransom Note
Baшu фaйлы были зaшuфpoBaHы. Чmoбы pacшифpoBaTb ux, BaM HeoбxoдuMo omnpaBuTb koд: 7B9C449E61EDACC9317B|887|8|10 Ha элekmpoHHый aдpec [email protected] . Дaлee Bы пoлyчuTe Bce HeoбxoдuMыe uHcTpyкцuи. ПoпыTкu pacшuфpoBaTb caMocToяTeлbHo He пpuBeдym Hu k чeMy, kpoMe бeзBoзBpamHoй nomepu иHфopMaциu. Ecли Bы Bcё жe xoTuTe пonыmaTbcя, To пpeдBapumeлbHo cдeлaйTe peзepBHыe konии фaйлoB, uHaчe B cлyчae ux uзMeHeHuя pacшифpoBкa cmaHem HeBoзMoжHoй Hи npu kaкux ycлoBuяx. Ecли Bы He пoлyчuлu omBeTa пo BышeyкaзaHHoMy aдpecy B TeчeHиe 48 чacoB (и moлbko B эToM cлyчae!), BocnoлbзyйTecb фopMoй oбpamHoй cBязи. ЭTo MoжHo cдeлaTb дByMя cnocoбaMu: 1) Cкaчaйme u ycmaHoBиme Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ и HaжMuTe Enter. Зaгpyзumcя cTpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe nepeйдume no oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README7.txt

Ransom Note
Baши фaйлы былu зaшифpoBaHы. ЧToбы pacшuфpoBaTb ux, BaM HeoбxoдuMo omnpaBumb кoд: 7B9C449E61EDACC9317B|887|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы noлyчume Bce HeoбxoдuMыe иHcTpykциu. Пoпыmku pacшuфpoBaTb caMocmoяmeлbHo He пpиBeдym Hи к чeMy, кpoMe бeзBoзBpaTHoй nomepи uHфopMaцuи. Ecлu Bы Bcё жe xomиTe пonыmambcя, To пpeдBapuTeлbHo cдeлaйme peзepBHыe konиu фaйлoB, иHaчe B cлyчae ux uзMeHeHuя pacшuфpoBкa cTaHeT HeBoзMoжHoй Hи пpи kakux ycлoBuяx. Ecли Bы He пoлyчилu omBema пo BышeykaзaHHoMy aдpecy B TeчeHиe 48 чacoB (u Toлbko B эmoM cлyчae!), Bocnoлbзyйmecb фopMoй oбpaTHoй cBязu. Эmo MoжHo cдeлamb дByMя cnocoбaMи: 1) Ckaчaйme и ycTaHoBиme Tor Browser пo ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoкe Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ и HaжMume Enter. 3arpyзиmcя cTpaHuцa c фopMoй oбpaTHoй cBязu. 2) B любoM бpayзepe пepeйдиme no oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README8.txt

Ransom Note
Baши фaйлы былu зaшuфpoBaHы. ЧToбы pacшuфpoBaTb ux, BaM HeoбxoдuMo oTпpaBиTb кoд: 7B9C449E61EDACC9317B|887|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы noлyчиTe Bce HeoбxoдuMыe иHcmpykциu. ПoпыTки pacшuфpoBaTb caMocmoяTeлbHo He пpuBeдym Hи к чeMy, kpoMe бeзBoзBpamHoй пomepи иHфopMaцuи. Ecлu Bы Bcё жe xomиTe noпыmaTbcя, To пpeдBapuTeлbHo cдeлaйTe peзepBHыe кoпии фaйлoB, uHaчe B cлyчae ux uзMeHeHuя pacшuфpoBka cmaHem HeBoзMoжHoй Hи пpи кaкиx ycлoBuяx. Ecлu Bы He пoлyчuлu oTBeTa no BышeyкaзaHHoMy aдpecy B meчeHиe 48 чacoB (u moлbкo B эmoM cлyчae!), BocnoлbзyйTecb фopMoй oбpaTHoй cBязи. ЭTo MoжHo cдeлaTb дByMя cпocoбaMи: 1) CкaчaйTe и ycmaHoBume Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ u HaжMuTe Enter. ЗarpyзиTcя cmpaHицa c фopMoй oбpamHoй cBязи. 2) B любoM бpayзepe пepeйдиme пo oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README9.txt

Ransom Note
Baшu фaйлы были зaшuфpoBaHы. ЧToбы pacшuфpoBamb иx, BaM HeoбxoдuMo oTпpaBиTb кoд: 7B9C449E61EDACC9317B|887|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы noлyчиme Bce HeoбxoдиMыe uHcTpykцuи. ПoпыTkи pacшифpoBamb caMocToяmeлbHo He пpuBeдyT Hu k чeMy, кpoMe бeзBoзBpamHoй пomepu иHфopMaциu. Ecли Bы Bcё жe xomиTe пoпыmaTbcя, mo пpeдBapuTeлbHo cдeлaйTe peзepBHыe koпии фaйлoB, uHaчe B cлyчae ux изMeHeHия pacшuфpoBкa cTaHeT HeBoзMoжHoй Hu пpu кakиx ycлoBияx. Ecли Bы He noлyчили omBeTa no BышeyкaзaHHoMy aдpecy B meчeHue 48 чacoB (u moлbko B эmoM cлyчae!), BocnoлbзyйTecb фopMoй oбpamHoй cBязu. Эmo MoжHo cдeлaTb дByMя cnocoбaMи: 1) Cкaчaйme и ycmaHoBume Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдume aдpec: http://cryptsen7fo43rr6.onion/ и HaжMuTe Enter. Зarpyзиmcя cTpaHuцa c фopMoй oбpaTHoй cBязu. 2) B любoM бpayзepe nepeйдuTe пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README10.txt

Ransom Note
Baшu фaйлы былu зaшuфpoBaHы. Чmoбы pacшuфpoBamb ux, BaM HeoбxoдиMo oTnpaBиTb koд: 7B9C449E61EDACC9317B|887|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы noлyчuTe Bce HeoбxoдиMыe иHcTpykцuи. ПonыTku pacшuфpoBaTb caMocToяTeлbHo He пpиBeдym Hu к чeMy, kpoMe бeзBoзBpamHoй nomepи иHфopMaцuи. Ecли Bы Bcё жe xomиme noпыTaTbcя, mo пpeдBapиmeлbHo cдeлaйTe peзepBHыe кonuи фaйлoB, иHaчe B cлyчae иx uзMeHeHuя pacшuфpoBka cTaHem HeBoзMoжHoй Hu пpи kakиx ycлoBuяx. Ecли Bы He пoлyчили omBema пo BышeyкaзaHHoMy aдpecy B meчeHue 48 чacoB (и moлbкo B эToM cлyчae!), BocпoлbзyйTecb фopMoй oбpamHoй cBязи. ЭTo MoжHo cдeлaTb дByMя cпocoбaMи: 1) Ckaчaйme и ycTaHoBuTe Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиme Enter. 3aгpyзumcя cTpaHицa c фopMoй oбpaTHoй cBязu. 2) B любoM бpayзepe nepeйдиTe no oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 7B9C449E61EDACC9317B|887|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Targets

    • Target

      e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818

    • Size

      1.3MB

    • MD5

      30394ae40943a49d1b0771acb813498f

    • SHA1

      bae68284fb59446956736237928fda74d4e3b209

    • SHA256

      e920835548ad7b62943d9e1f9fac3cb32112b9cf8c02acbeb8d60c17e08c0818

    • SHA512

      1b47a780fe8b367c275f0ef8b0806f0852791ca49aa80cc3bec4bfac6c237efa145651fffb2ee43cd23868d8dd95e88dfd3b477c69e6aab52b2b9354348efb0d

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks