General
-
Target
5db08b14399de2f67b027a874e0f553313c3030b7675b4fca216c857c0791a19
-
Size
55KB
-
Sample
220211-hne2pacac3
-
MD5
448cb2e74502d098ee016f4f17d48072
-
SHA1
71c251edebee783956ad8a7016ad22108c460a0a
-
SHA256
5db08b14399de2f67b027a874e0f553313c3030b7675b4fca216c857c0791a19
-
SHA512
f3e022e23b0b2a5ca798b5844ca6e8bf7f1e19c8b82f8ca1cad9b2ae3b52b5b953589280874e2d642c4a523341fc452e760d6bc42857a81cb798b489a127a231
Score
10/10
Malware Config
Extracted
Path
C:\$RESTORE_FILES$.html
Ransom Note
<html>
<style type="text/css">
body {
background-color: #404040;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 15px;
color: #000000;
background: #4A83FD;
}
.tabs1 .identi {
margin-left: 15px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #303030;
color: #DFDFDF;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #4A83FD;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #303030;
color: #DFDFDF;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top: 0;
background: #303030;
color: #F5F5F5;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
.mark {
background: #000000;
padding: 2px 10px;
font-weight: bold;
}
</style>
<head>
<meta charset="utf-8">
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head" ><h3>Your personal ID</h3></div>
<div class="identi">
<pre>������4E AA F7 6F 6E 5F 1D CD 2B 7C AE 89 9B F7 77 27
8B 47 94 9D 6F E2 67 03 7C 22 F8 E0 F8 33 CD 63
2C F3 C8 0F 18 C1 C7 F9 E1 A7 41 1B D2 5E 66 D9
35 9F 8A A5 69 D9 CC 23 AF EA F2 9B BB 6A 5E 0B
8C 50 99 12 F1 39 A8 47 FA BD BF B2 CE 72 BE B0
DE 3C 29 75 FE 9A BA 4B D2 96 AA 17 84 0E 28 86
69 43 EE A2 AF E9 AF BD E7 6A 33 91 B9 0B 4E 10
67 E5 3C ED FB DB F0 13 FB 86 8D 7A 0C 4E 14 B8
7F 14 C3 9B F2 25 D3 B4 5D B2 AD 3B D1 D2 20 A8
7B C9 BE 1D F1 9C CE 85 F9 D5 46 1E A9 82 12 7F
82 A0 E8 C4 34 6E 84 D5 7D 24 7E 82 C3 F7 B0 42
E5 9E 7B 3E F2 8F 76 E5 0C B7 BD 82 D7 FF DB 19
75 6D 90 F8 FD 19 3E 02 FB CD 1D 92 40 86 39 ED
2B CB EF 5D 95 B5 DE 6B 48 4F 15 50 9A C6 7F F7
FD 87 2B 23 7D C5 B8 47 FC A5 DA 2F 02 F6 31 12
E9 D6 5B 2E 96 81 8A 8E 15 EF AB 4E 35 3C CC 64
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<hr/>
<h3>All your important data has been encrypted.</h3>
<br/>
<div class="text">
<!--text data -->
To recover data you need decryptor.</br>
To get the decryptor you should:</br>
<h1 align="left"> Save the ID before doing anything on the computer!!!</h1>
<h1 align="left"> Be sure to save this ID, without it decryption is impossible!!!</h1>
<p>Send 3 test image or text file <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span>.</br>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file and assign the price for decryption all files</p>
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have the decoder.</br>
<center>Attention!</center></br>
<ul>
<li>Only <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span> can decrypt your files</li>
<li>Do not trust anyone <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span></li>
<li>Do not attempt to remove the program or run the anti-virus tools</li>
<li>Attempts to self-decrypting files will result in the loss of your data</li>
<li>Decoders other users are not compatible with your data, because each user's unique encryption key</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
����������
Emails
class="mark">[email protected]</span>
class="mark">[email protected]</span>.</br>
class="mark">[email protected]</span>
class="mark">[email protected]</span></li>
Extracted
Path
C:\$RESTORE_FILES$.html
Ransom Note
<html>
<style type="text/css">
body {
background-color: #404040;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 15px;
color: #000000;
background: #4A83FD;
}
.tabs1 .identi {
margin-left: 15px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #303030;
color: #DFDFDF;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #4A83FD;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #303030;
color: #DFDFDF;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top: 0;
background: #303030;
color: #F5F5F5;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
.mark {
background: #000000;
padding: 2px 10px;
font-weight: bold;
}
</style>
<head>
<meta charset="utf-8">
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head" ><h3>Your personal ID</h3></div>
<div class="identi">
<pre>������7A 7D EF 64 28 E5 99 5E 05 A7 25 D0 4D 8C C1 6F
27 8B 54 10 75 4A 2A 53 21 4D C8 75 BE 40 54 A0
4C 4E 0B C6 75 01 B1 13 04 46 EA 22 4F 3E F8 43
F4 EA 08 5B 9C 4C 9E 83 01 EA 97 36 59 18 81 63
13 2B 7D A4 B7 17 29 A7 0A DD 94 E4 A0 2A DE 1B
4C 64 DF FB 65 89 4C 2E 81 D9 DF F6 DE 65 F4 F6
1B 4A 73 AF C3 77 58 42 75 DA BE 7D 25 9A A8 75
DD A6 C0 16 42 06 36 56 8E D9 BD 28 47 7B F8 86
7B 02 C5 5A 5E BD 91 EE 27 F6 5A 1D 1F 13 8E E5
74 0A 56 7C 24 B3 87 B8 E3 36 EA A5 2B 93 C6 0A
47 46 83 46 B0 5A 84 96 1B 36 95 00 56 78 A0 1E
17 94 EA 01 03 1B 37 2B 2F ED AC C1 7D 52 8C 46
4A 0C 47 7A 65 D9 32 57 1B 87 86 2A 34 77 55 21
90 E6 D4 71 06 5F 3C 10 40 70 C0 8E 0F 79 1F EE
26 7F A0 41 FF 69 B7 3D C3 0E 2C 11 59 BD 07 1F
C9 FA 63 A7 C5 70 8E D3 61 9E C8 47 0A FF BB C2
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<hr/>
<h3>All your important data has been encrypted.</h3>
<br/>
<div class="text">
<!--text data -->
To recover data you need decryptor.</br>
To get the decryptor you should:</br>
<h1 align="left"> Save the ID before doing anything on the computer!!!</h1>
<h1 align="left"> Be sure to save this ID, without it decryption is impossible!!!</h1>
<p>Send 3 test image or text file <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span>.</br>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file and assign the price for decryption all files</p>
After we send you instruction how to pay for decrypt and after payment you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have the decoder.</br>
<center>Attention!</center></br>
<ul>
<li>Only <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span> can decrypt your files</li>
<li>Do not trust anyone <span class="mark">[email protected]</span> or <span class="mark">[email protected]</span></li>
<li>Do not attempt to remove the program or run the anti-virus tools</li>
<li>Attempts to self-decrypting files will result in the loss of your data</li>
<li>Decoders other users are not compatible with your data, because each user's unique encryption key</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
����������
Emails
class="mark">[email protected]</span>
class="mark">[email protected]</span>.</br>
class="mark">[email protected]</span>
class="mark">[email protected]</span></li>
Targets
-
-
Target
5db08b14399de2f67b027a874e0f553313c3030b7675b4fca216c857c0791a19
-
Size
55KB
-
MD5
448cb2e74502d098ee016f4f17d48072
-
SHA1
71c251edebee783956ad8a7016ad22108c460a0a
-
SHA256
5db08b14399de2f67b027a874e0f553313c3030b7675b4fca216c857c0791a19
-
SHA512
f3e022e23b0b2a5ca798b5844ca6e8bf7f1e19c8b82f8ca1cad9b2ae3b52b5b953589280874e2d642c4a523341fc452e760d6bc42857a81cb798b489a127a231
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-