General

  • Target

    ba0d8f4af4e60e6947b4a53f8f3131d09a04d8baad72b9df9c4977bd1e0d166d

  • Size

    55KB

  • Sample

    220211-hcc3ysbha9

  • MD5

    c96d499632352d1b6d773a657558d6e7

  • SHA1

    38ca5a10b96e8131f477248a1c1697347290e9dc

  • SHA256

    ba0d8f4af4e60e6947b4a53f8f3131d09a04d8baad72b9df9c4977bd1e0d166d

  • SHA512

    869836cb38ff22002761b5cbb7209f2a41751d1f4e24d26bc751b577596c7d27d6a28cf1e4e2f81151ad8f5d89404efd83e359652d93cdd5daf8ade352d9b0ea

Malware Config

Extracted

Path

C:\HOW_TO_RESTORE_FILES.html

Ransom Note
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>HOW TO DECRYPT YOUR FILES</title> <style> html, body {height:100%; color: #fff; font-family: monospace; background-color: #000;} a,h1,h2,h3,h4,h5,h6 {color: #fff;text-decoration: none;} a:hover {color: #aaa;} ul {list-style: square outside;padding: 15px;} .wrap { position:relative; width: 850px; margin: 0px auto ; height:auto !important; height:100%; min-height:100%;} .contentdiv {padding:10px;} .heading { text-align: center; font-size: 25px; letter-spacing: 0px; font-weight: 700; text-transform: uppercase;} .mould{ width: 400px; display: block; margin: auto; text-align: center; position: relative;} .mould .main{ padding: 10px; margin: 5px; border-radius: 6px;} .mould .main-part { padding: 10px; font-size: 12px; font-weight: 700; background-color: #252525; background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAAECAYAAACp8Z5+AAAAJ0lEQVQYV2NkYGD4z8vLywADjLy8vP/hPAYGBrjA58+fGUAqMVQAAPnKB51wUh2MAAAAAElFTkSuQmCC) repeat;} .mould .id-text{color: #B22222; text-align: left;} .mould .ID{overflow: auto;} .content { width: 800px; display: block; margin: auto; position: relative;} .text-data{ width: 800px; padding: 10px; font-size: 14px;} .attention { margin: 15px auto; text-align: center; font-size: 20px; color: #fff; font-weight: 700; text-transform: uppercase;} .emails { background: #191919; color: #34dddd; padding: 2px 5px; border-radius: 4px;} .tech {border-left: 5px solid #3CB371;} .our { height: auto; padding-bottom: 0; padding-left: 5px;} .our .support { font-weight: bold; text-indent: 5px; height: 10px; line-height: 20px; padding-top: 5px;} .our ul {margin-top: 0;} .our ul li {padding: 1px;} </style> </head> <body> <!-- Head --> <div class="wrap"> <div class="contentdiv"> <div class="heading">&#9760; Your files are encrypted &#9760;</div><br /> <div class="mould"> <div class="main"> <div class="main-part"> <div class="id-text">// Your personal ID</div> <div class="ID"> 
<pre>[personal ID removed]</pre> </div> </div> </div> </div> <!-- end --> <!-- index --> <div class="content"> <!--tab--> <hr align="center" width="800" color="White" /> <h3>ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED</h3> <br /> <!-- end --> <!--text data --> <div class="text-data"> To recover data you need decryptor.<br /> To get the decryptor you should:<br /> <p>Send 3 test file not more than 10Mb: <span class="emails">[email protected]</span> or <span class="emails">[email protected]</span><br /> In the letter include <span style="color:#B22222">your personal ID</span><br /> You have to pay for decryption in Bitcoins.<br /> The price depends on how fast you write to us.<br /> After payment we will send you the decryption tool that will decrypt all your files.<br /> <div class="our tech"> <div class="support"> <span style="color:#006400">Our tech support is available 24\7</span></div> <ul> <li>Do not delete: Your personal ID</li> <li>Write on e-mail, we will help you! </ul> </div> <div class="attention">&#9888; Attention &#9888;</div> <ul> <li>Do not rename encrypted files.</li> <li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li> <li>Decryption of your files with the help of third parties may cause increased price<br /> [they add their fee to our] or you can become a victim of a scam.</li> <li>Do not attempt to remove the program or run the anti-virus tools</li> <li>Attempts to self-decrypting files will result in the loss of your data</li> <li>Decoders are not compatible with other users of your data, because each user's unique encryption key</li> </ul> <!--text data --> </div> </div> </div> </div> </body> </html>
Emails

  • [email protected]

  • [email protected]
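The e-mail list above shows what a regex-based extractor leaves behind when it is pointed at the note's `<span class="emails">` markup: the surrounding tag fragments come along with the address. Below is an added example of pulling the same configuration (note title, victim ID from the `<div class="ID">` block, contact addresses from the `emails` spans) out of a note like `C:\HOW_TO_RESTORE_FILES.html` with a real HTML parser. It is not the sandbox's own extractor; the note it runs on is a constructed, trimmed copy of the page's note, and the addresses and ID in it are placeholders, since the real ones are redacted on the page.

```python
"""Extract ransomware contact config from an HTML ransom note.

Added example for this report, not the sandbox's extractor. SAMPLE_NOTE is
a constructed, trimmed copy of the page's note: same markup skeleton,
placeholder e-mail addresses and victim ID.
"""
from dataclasses import dataclass, field
from html.parser import HTMLParser

# Constructed sample (placeholder addresses / ID, markup taken from the note).
SAMPLE_NOTE = """<!DOCTYPE html><html><head><meta charset="utf-8">
<title>HOW TO DECRYPT YOUR FILES</title></head><body>
<div class="heading">&#9760; Your files are encrypted &#9760;</div>
<div class="mould"><div class="main"><div class="main-part">
<div class="id-text">// Your personal ID</div>
<div class="ID"> <pre>EXAMPLE-ID-0000</pre> </div></div></div></div>
<div class="text-data">
<p>Send 3 test file not more than 10Mb: <span class="emails">support@example.invalid</span>
or <span class="emails">backup@example.invalid</span><br />
In the letter include <span style="color:#B22222">your personal ID</span><br />
</div></body></html>"""


@dataclass
class NoteConfig:
    title: str = ""
    victim_id: str = ""
    emails: list = field(default_factory=list)


class RansomNoteParser(HTMLParser):
    """Walks the note once; collects title, <span class="emails">, and <pre> under <div class="ID">."""

    def __init__(self):
        super().__init__(convert_charrefs=True)  # decode &#9760; and friends
        self.cfg = NoteConfig()
        self._in_title = False
        self._in_email = False
        self._id_depth = 0      # div nesting depth inside <div class="ID">; 0 = outside
        self._in_pre = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if tag == "title":
            self._in_title = True
        elif tag == "span" and "emails" in classes:
            self._in_email, self._buf = True, []
        elif tag == "div" and "ID" in classes:
            self._id_depth = 1
        elif tag == "div" and self._id_depth:
            self._id_depth += 1
        elif tag == "pre" and self._id_depth:
            self._in_pre, self._buf = True, []

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag == "span" and self._in_email:
            self._in_email = False
            self.cfg.emails.append("".join(self._buf).strip())
        elif tag == "pre" and self._in_pre:
            self._in_pre = False
            self.cfg.victim_id = "".join(self._buf).strip()
        elif tag == "div" and self._id_depth:
            self._id_depth -= 1

    def handle_data(self, data):
        if self._in_title:
            self.cfg.title += data.strip()
        if self._in_email or self._in_pre:
            self._buf.append(data)


def extract_note_config(html_text: str) -> NoteConfig:
    """Parse a ransom note and return its title, victim ID and de-duplicated e-mails."""
    parser = RansomNoteParser()
    parser.feed(html_text)
    parser.close()
    seen = set()
    parser.cfg.emails = [e for e in parser.cfg.emails if not (e in seen or seen.add(e))]
    return parser.cfg


if __name__ == "__main__":
    cfg = extract_note_config(SAMPLE_NOTE)
    print(cfg.title)
    print(cfg.victim_id)
    print(cfg.emails)
```

Because the parser tracks element state rather than matching text, the extracted addresses come out as bare strings with no `class="emails">` or `</span>` residue, and the victim ID is read from the `<pre>` only while inside the `ID` container, so other `<pre>` blocks in a note are ignored.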


Targets

    • Target

      ba0d8f4af4e60e6947b4a53f8f3131d09a04d8baad72b9df9c4977bd1e0d166d

    • Size

      55KB

    • MD5

      c96d499632352d1b6d773a657558d6e7

    • SHA1

      38ca5a10b96e8131f477248a1c1697347290e9dc

    • SHA256

      ba0d8f4af4e60e6947b4a53f8f3131d09a04d8baad72b9df9c4977bd1e0d166d

    • SHA512

      869836cb38ff22002761b5cbb7209f2a41751d1f4e24d26bc751b577596c7d27d6a28cf1e4e2f81151ad8f5d89404efd83e359652d93cdd5daf8ade352d9b0ea

MITRE ATT&CK Enterprise v6

Tasks