General
-
Target
c77a3398f92fc472a6536f8c5078789b6c1e157a4d4d4b343bfb320d00b8707a
-
Size
53KB
-
Sample
220211-has2dsbgh4
-
MD5
c5a90ccf99e848e1d3658892798e4952
-
SHA1
1ed2f4c279ec742d1671cf564cb2ad2074d3e885
-
SHA256
c77a3398f92fc472a6536f8c5078789b6c1e157a4d4d4b343bfb320d00b8707a
-
SHA512
9e0b92f18cf6a73b9caa2d29d14603d90cd600a6dfcbbfc6ea394852746b020bc504eeefce0c75d279dab5bc21dab51643b417685f9a824758cbd9cd856f914f
Score
10/10
Malware Config
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>46 79 CE DA 6A C6 0F 70 0B 6A EA 42 B2 88 62 79
07 56 CA DE 59 48 AA 75 DF 3B 07 48 8D CD C4 E1
F2 50 21 5C 57 6F DD 13 E1 B9 00 EB D7 FB 52 11
F0 1D 8E 6A 14 01 31 53 79 96 4D DA B6 AA F6 D6
ED DD 21 65 D5 DC 40 95 0A 40 32 31 FE AB 90 CF
9E 6C 41 29 33 CA 82 C8 53 1A 97 26 12 58 DE 9B
5C 24 4D 29 DA A0 6E 2C BA 28 1C 78 39 A2 79 37
4C 5D 21 D8 31 0E EA B5 1D BA E9 C9 DB AD 59 92
E4 A5 E2 77 BC 10 DB 2D 9D C5 84 5F 83 03 08 D1
14 80 42 97 48 4B 77 1A 1A 77 CF C7 55 A6 57 42
43 FC CD AC F9 5C 26 A8 08 CC B4 65 F4 42 9C 9D
DD 2C 18 76 18 84 1D 56 DE 46 AF F6 A8 AA E2 79
1E 39 91 D9 2F CF BA 02 CF C4 A7 E4 40 BF DC C1
F5 17 D9 04 D0 70 BA B9 EC D5 2B 51 69 6B 37 CD
09 41 2D 8D A9 07 2D 21 F5 E8 7E 65 75 72 6B CC
94 48 ED E1 D0 20 B6 B2 0A 10 BA CF 72 89 88 34
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only decoder_master proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>11 9B 18 CE 30 B2 67 2E 76 2D 56 C2 29 E7 6E 7C
42 2C 76 AD 46 9D 75 F8 78 FE CF 44 BE DF 50 E4
20 70 F0 32 83 57 CD 7D 1F C8 44 21 75 FE CF 01
94 53 50 9D F1 CB C3 91 D7 2D DC DD 49 3B 82 17
8A 7D 51 0E 82 E9 02 DA 14 FC B6 02 3A 77 90 9B
6C 4B 77 80 79 4D A4 09 DA CE 92 F1 0E F7 DD 56
26 3D C1 DF 49 36 6D 7D 3C AD 30 E1 7F 94 2E 45
59 65 C3 43 68 8E 1A B7 0C 6E 15 03 BF B7 D0 17
71 B6 12 03 37 74 65 86 6A 7F E8 E0 C9 68 66 0D
35 E8 79 E6 09 45 B0 A0 D6 13 73 F8 AD 3B 90 B5
DC 90 EF D5 F4 E5 1E ED C1 58 63 7A E1 44 CA BA
C0 77 43 38 A1 07 C5 AC 48 E9 88 A1 35 5C 98 AD
65 E9 44 1F F4 31 C8 15 F6 7E E7 44 FB 1A B6 E1
47 CF B8 17 9B B2 DD 12 19 3A A5 57 5A BB 46 3F
92 E7 BC 7B 46 6B D9 33 5C C8 22 0F 2D C5 58 35
DA 72 B7 A6 77 4A A6 4F 0D 90 F7 B4 56 FC 90 AB
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only decoder_master proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Targets
-
-
Target
c77a3398f92fc472a6536f8c5078789b6c1e157a4d4d4b343bfb320d00b8707a
-
Size
53KB
-
MD5
c5a90ccf99e848e1d3658892798e4952
-
SHA1
1ed2f4c279ec742d1671cf564cb2ad2074d3e885
-
SHA256
c77a3398f92fc472a6536f8c5078789b6c1e157a4d4d4b343bfb320d00b8707a
-
SHA512
9e0b92f18cf6a73b9caa2d29d14603d90cd600a6dfcbbfc6ea394852746b020bc504eeefce0c75d279dab5bc21dab51643b417685f9a824758cbd9cd856f914f
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-