General

  • Target

    b0218cc130eb7bf6919249d5e45e085a6196381213ba215f3ac4e95faac05ed1

  • Size

    55KB

  • Sample

    220211-hdwxfsdefj

  • MD5

    31b00898b80e8969e66e730751e6bc0b

  • SHA1

    77776298181a2796133335760875416f28869c88

  • SHA256

    b0218cc130eb7bf6919249d5e45e085a6196381213ba215f3ac4e95faac05ed1

  • SHA512

    423ca1880a4b649d186d03e7cadd3ce6abbf69795c5be8eedd5a36a7728beda785dadcbd64ae56da7bb7895f3ec9fe72f84e061a10cd8073d38b5e61df11ca4f

Malware Config

Extracted

Path

C:\HOW_TO_RESTORE_FILES.html

Ransom Note
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>HOW TO DECRYPT YOUR FILES</title> <style> html, body {height:100%; color: #fff; font-family: monospace; background-color: #000;} a,h1,h2,h3,h4,h5,h6 {color: #fff;text-decoration: none;} a:hover {color: #aaa;} ul {list-style: square outside;padding: 15px;} .wrap { position:relative; width: 850px; margin: 0px auto ; height:auto !important; height:100%; min-height:100%;} .contentdiv {padding:10px;} .heading { text-align: center; font-size: 25px; letter-spacing: 0px; font-weight: 700; text-transform: uppercase;} .mould{ width: 400px; display: block; margin: auto; text-align: center; position: relative;} .mould .main{ padding: 10px; margin: 5px; border-radius: 6px;} .mould .main-part { padding: 10px; font-size: 12px; font-weight: 700; background-color: #252525; background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAAECAYAAACp8Z5+AAAAJ0lEQVQYV2NkYGD4z8vLywADjLy8vP/hPAYGBrjA58+fGUAqMVQAAPnKB51wUh2MAAAAAElFTkSuQmCC) repeat;} .mould .id-text{color: #B22222; text-align: left;} .mould .ID{overflow: auto;} .content { width: 800px; display: block; margin: auto; position: relative;} .text-data{ width: 800px; padding: 10px; font-size: 14px;} .attention { margin: 15px auto; text-align: center; font-size: 20px; color: #fff; font-weight: 700; text-transform: uppercase;} .emails { background: #191919; color: #34dddd; padding: 2px 5px; border-radius: 4px;} .tech {border-left: 5px solid #3CB371;} .our { height: auto; padding-bottom: 0; padding-left: 5px;} .our .support { font-weight: bold; text-indent: 5px; height: 10px; line-height: 20px; padding-top: 5px;} .our ul {margin-top: 0;} .our ul li {padding: 1px;} </style> </head> <body> <!-- Head --> <div class="wrap"> <div class="contentdiv"> <div class="heading">&#9760; Your files are encrypted &#9760;</div><br /> <div class="mould"> <div class="main"> <div class="main-part"> <div class="id-text">// Your personal ID</div> <div class="ID"> <pre>71 5F 4B
A5 80 2A CC 7F AC D0 9E B0 87 DF D2 A6 8F 13 C1 51 23 6E 82 C3 36 CE C3 8B 12 69 8A 29 69 61 8A 4F DB 7C 9D 50 F7 83 EF 01 47 6E B3 12 10 D6 0F B6 3F 07 67 2F B8 61 78 CA FB 8B 31 32 76 78 B6 A0 43 4C C3 B5 CF 32 F8 CA 82 E7 17 79 85 70 DC 27 19 CE EE 0D 16 82 A5 DF E4 1C A5 08 D5 0D 35 C3 A5 CB 39 DD 1B 62 CD 77 04 B9 A9 80 F1 10 E8 5F C0 B7 76 38 A5 80 79 99 5D 88 0D 90 FC 7B B3 1D 22 22 6A EF 4E 30 5A B3 02 F7 28 8E 62 7B 21 50 BB 99 5A 96 31 95 BD BE A8 1E 8D 2E 09 67 11 5A 1F D0 85 D7 E3 03 62 92 1C 9E AA BA 23 F1 A8 37 2C F7 C2 5B B2 89 E1 B2 08 28 96 C0 E2 E2 24 A1 EE 75 37 0A 0C 43 1E 7A 15 6E 87 EE 8F 76 80 C1 9D CE A4 CE 2E F2 D6 0B 4F 0B 52 7A E0 E1 F8 95 8B DA 87 24 73 32 E1 D6 AC 58 E1 23 AC C4 0C CE 03 51 C8 98 6F 27 51 A6 F2 A6 37 24 </pre> </div> </div> </div> </div> <!-- end --> <!-- index --> <div class="content"> <!--tab--> <hr align="center" width="800" color="White" /> <h3>ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED</h3> <br /> <!-- end --> <!--text data --> <div class="text-data"> To recover data you need decryptor.<br /> To get the decryptor you should:<br /> <p>Send 3 test file not more than 10Mb: <span class="emails">[email protected]</span> or <span class="emails">[email protected]</span><br /> In the letter include <span style="color:#B22222">your personal ID</span><br /> You have to pay for decryption in Bitcoins.<br /> The price depends on how fast you write to us.<br /> After payment we will send you the decryption tool that will decrypt all your files.<br /> <div class="our tech"> <div class="support"> <span style="color:#006400">Our tech support is available 24\7</span></div> <ul> <li>Do not delete: Your personal ID</li> <li>Write on e-mail, we will help you! 
</ul> </div> <div class="attention">&#9888; Attention &#9888;</div> <ul> <li>Do not rename encrypted files.</li> <li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li> <li>Decryption of your files with the help of third parties may cause increased price<br /> [they add their fee to our] or you can become a victim of a scam.</li> <li>Do not attempt to remove the program or run the anti-virus tools</li> <li>Attempts to self-decrypting files will result in the loss of your data</li> <li>Decoders are not compatible with other users of your data, because each user's unique encryption key</li> </ul> <!--text data --> </div> </div> </div> </div> </body> </html>
Emails

  • [email protected]

  • [email protected]
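The extracted note above carries the two indicators an incident responder pivots on: the victim's "personal ID" hex blob inside the `.ID` `<pre>` block and the contact addresses in the `.emails` spans. The following is an added example, not code from the sandbox report or from the malware, that parses a HOW_TO_RESTORE_FILES.html-style note with the Python standard library and returns those indicators as structured data, tolerating the non-UTF-8 debris glued to the front of the ID as in the note above. The embedded sample note is constructed from the note on this page; its two e-mail addresses are example.com placeholders (an assumption, since the report shows them only in obfuscated form) and its ID is shortened.

```python
"""Pull IOCs out of a HOW_TO_RESTORE_FILES.html-style ransom note.

Added example for this report; it is not code from the sandbox or from the
malware. It parses the note's HTML with the standard library only and
returns the title, the banner, the victim's "personal ID" as bytes and the
contact addresses, so an IR script can match dropped notes and pivot on the
ID and e-mails without loading the page in a browser.
"""
import re
from dataclasses import dataclass, field
from html.parser import HTMLParser

# Constructed sample input modelled on the note extracted above. The two
# addresses are placeholders (example.com) because the report shows them only
# in obfuscated form; the ID is cut to 27 bytes and has some non-UTF-8 debris
# (U+FFFD) glued to the front, as the extracted note does.
SAMPLE_NOTE = """<!DOCTYPE html><html><head><meta charset="utf-8">
<title>HOW TO DECRYPT YOUR FILES</title></head><body>
<div class="heading">&#9760; Your files are encrypted &#9760;</div>
<div class="mould"><div class="main"><div class="main-part">
<div class="id-text">// Your personal ID</div>
<div class="ID"> <pre>\ufffd\ufffd71 5F 4B
A5 80 2A CC 7F AC D0 9E B0 87 DF D2 A6 8F 13 C1 51 23 6E 82 C3 36 CE C3 </pre> </div>
</div></div></div>
<div class="text-data">To recover data you need decryptor.<br />
<p>Send 3 test file not more than 10Mb: <span class="emails">restore-one@example.com</span>
or <span class="emails">restore-two@example.com</span><br />
You have to pay for decryption in Bitcoins.<br /></p></div></body></html>"""

# A byte token is exactly two hex digits not touching other hex digits, so
# "\ufffd71" still yields 71 while a stray word such as "decryptor" yields nothing.
_HEX_BYTE = re.compile(r"(?<![0-9A-Fa-f])[0-9A-Fa-f]{2}(?![0-9A-Fa-f])")


@dataclass
class RansomNoteIOCs:
    title: str = ""
    heading: str = ""
    personal_id: bytes = b""
    emails: list = field(default_factory=list)


class _NoteParser(HTMLParser):
    """Collects <title>, the .heading div, the <pre> inside .ID and .emails spans."""

    def __init__(self):
        super().__init__(convert_charrefs=True)   # &#9760; arrives as the real character
        self.iocs = RansomNoteIOCs()
        self.id_chunks = []
        self._in = {"title": False, "heading": False, "id": False, "pre": False, "email": False}

    def handle_starttag(self, tag, attrs):
        classes = (dict(attrs).get("class") or "").split()
        if tag == "title":
            self._in["title"] = True
        elif tag == "div" and "heading" in classes:
            self._in["heading"] = True
        elif tag == "div" and "ID" in classes:
            self._in["id"] = True
        elif tag == "pre" and self._in["id"]:      # only the ID's <pre>, not any other
            self._in["pre"] = True
        elif tag == "span" and "emails" in classes:
            self._in["email"] = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in["title"] = False
        elif tag == "div":                          # .heading and .ID contain no nested divs
            self._in["heading"] = False
            self._in["id"] = False
        elif tag == "pre":
            self._in["pre"] = False
        elif tag == "span":
            self._in["email"] = False

    def handle_data(self, data):
        if self._in["title"]:
            self.iocs.title += data.strip()
        elif self._in["heading"]:
            self.iocs.heading += data.strip()
        elif self._in["pre"]:
            self.id_chunks.append(data)
        elif self._in["email"]:
            addr = data.strip()
            if addr and addr not in self.iocs.emails:
                self.iocs.emails.append(addr)


def decode_personal_id(text: str) -> bytes:
    """Turn the space-separated hex dump into bytes, skipping any debris."""
    return bytes(int(tok, 16) for tok in _HEX_BYTE.findall(text))


def parse_ransom_note(note_html: str) -> RansomNoteIOCs:
    p = _NoteParser()
    p.feed(note_html)
    p.close()
    p.iocs.personal_id = decode_personal_id("".join(p.id_chunks))
    return p.iocs


def looks_like_this_note(filename: str, note_html: str) -> bool:
    """Triage predicate for files found on a host: the drop name from the
    report plus the structural markers the note always carries."""
    iocs = parse_ransom_note(note_html)
    return (filename.upper() == "HOW_TO_RESTORE_FILES.HTML"
            and "DECRYPT" in iocs.title.upper()
            and len(iocs.personal_id) > 0
            and len(iocs.emails) > 0)


if __name__ == "__main__":
    found = parse_ransom_note(SAMPLE_NOTE)
    print(found.title, "|", found.heading)
    print("id  :", found.personal_id.hex())
    print("mail:", ", ".join(found.emails))
```

The ID is returned as raw bytes rather than the hex string so it can be compared or hashed directly; the 211-byte blob in the note above is far too long to be a plain victim identifier and is more plausibly an encrypted per-victim key blob, which is why the note insists the ID not be deleted. Because the byte regex refuses tokens that touch other hex digits, the `\ufffd` replacement characters that the sandbox emitted in front of the dump do not corrupt the first byte.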

Targets

    • Target

      b0218cc130eb7bf6919249d5e45e085a6196381213ba215f3ac4e95faac05ed1

    • Size

      55KB

    • MD5

      31b00898b80e8969e66e730751e6bc0b

    • SHA1

      77776298181a2796133335760875416f28869c88

    • SHA256

      b0218cc130eb7bf6919249d5e45e085a6196381213ba215f3ac4e95faac05ed1

    • SHA512

      423ca1880a4b649d186d03e7cadd3ce6abbf69795c5be8eedd5a36a7728beda785dadcbd64ae56da7bb7895f3ec9fe72f84e061a10cd8073d38b5e61df11ca4f

MITRE ATT&CK Enterprise v6

Tasks