General
-
Target
722f1c1527b2c788746fec4dd1af70b0c703644336909735f8f23f6ef265784b
-
Size
2.9MB
-
Sample
220205-a82gesgadm
-
MD5
e69cb001797f1948c490fa165e1cc077
-
SHA1
324c6626ab70399ef9864542ddbeedfb8fbddfb5
-
SHA256
722f1c1527b2c788746fec4dd1af70b0c703644336909735f8f23f6ef265784b
-
SHA512
a11efe337e73792a7ca931144d80f3db7b427e156b28a7a743f9a628c7226812caa72fcc703a361dbfbcbd70d6800c5a2264c7f3f8764288466e72833a55fce1
Malware Config
Extracted
blackcat
- Username:
YAPITEKNIK\burakaltiparmak - Password:
ba123
- Username:
YAPITEKNIK\kadirbektas - Password:
duru
- Username:
YAPITEKNIK\test1 - Password:
test1
-
enable_network_discovery
true
-
enable_self_propagation
true
-
enable_set_wallpaper
true
-
extension
lpsftyl
-
note_file_name
RECOVER-${EXTENSION}-FILES.txt
-
note_full_text
>> What happened? Important files on your network was ENCRYPTED and now they have "${EXTENSION}" extension. In order to recover your files you need to follow instructions below. >> CAUTION DO NOT MODIFY ENCRYPTED FILES YOURSELF. DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >> What should I do next? Follow these simple steps to get everything back to normal: 1) Download and install Tor Browser from: https://torproject.org/ 2) Navigate to: http://l37tauvuvjzsl7grehyvzg2nvvcyx7fjvvduifdxxw5hg6eqcxnf6oad.onion/?access-key=${ACCESS_KEY}
Targets
-
-
Target
722f1c1527b2c788746fec4dd1af70b0c703644336909735f8f23f6ef265784b
-
Size
2.9MB
-
MD5
e69cb001797f1948c490fa165e1cc077
-
SHA1
324c6626ab70399ef9864542ddbeedfb8fbddfb5
-
SHA256
722f1c1527b2c788746fec4dd1af70b0c703644336909735f8f23f6ef265784b
-
SHA512
a11efe337e73792a7ca931144d80f3db7b427e156b28a7a743f9a628c7226812caa72fcc703a361dbfbcbd70d6800c5a2264c7f3f8764288466e72833a55fce1
Score8/10-
Sets service image path in registry
-