General
-
Target
45713d402c18d0896e03e12d1714bc68a23a4e84dae66e0e574e577e474dc032
-
Size
53KB
-
Sample
220211-hszlwsdgdl
-
MD5
ff492cb282b0efce39d8cda1e9b0fb9c
-
SHA1
5ee1b9dca65881e174203c3a7ba90a2709850361
-
SHA256
45713d402c18d0896e03e12d1714bc68a23a4e84dae66e0e574e577e474dc032
-
SHA512
bb6ef254a60172db40925d8477ae51f11167b832650df8d981e72ecb2cc563fc693900c4a77f8b0d775dc216a3c0d44be9a5bd595f2514ee6029d43136b644b9
Score
10/10
Malware Config
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">�������������46 15 87 CF 26 1B 4A B8 28 6D B9 AF F6 EF 2B 10
44 4E 6E D9 B1 E3 B0 65 1F 24 C2 F0 C0 DB A7 CD
FD AE D3 E4 B5 56 24 EE 4C B4 D3 F0 64 46 CB 43
07 EF 2A 59 F9 0E 1E FD 1D 63 59 87 10 A7 FE 19
D2 2A A4 21 AD E6 E6 57 FF 37 4D 03 76 30 4C DE
30 86 5F 0D 68 E0 0C 69 F3 35 18 2B 25 79 10 A6
90 50 8F AF 5E 56 71 5D 87 0E B9 3B B8 EE C1 72
5D A5 6F B9 EC B4 90 AF FD BE 5F 29 CA 72 33 6C
23 06 20 D4 08 4E D3 30 F6 53 BD 2D 58 B4 C1 6D
C5 21 12 C6 E7 A9 2F 51 4A BB 62 DE E1 AE 75 5E
54 65 49 91 3C DE 0E 0D 80 3D 1B F9 DD 1B 4F 02
B0 30 4F E4 71 E5 A9 FA 16 CB CA 9E BD 8F 71 78
89 92 AB 97 00 E2 B4 AC 8F 46 89 19 53 55 0C 64
A8 39 A7 41 5E 32 37 68 2A 0E 04 3C 89 F3 D9 C9
2E 2E 44 4B 15 3B B3 15 07 D5 28 66 5F 6E 2D 7C
4C F5 CD 84 77 29 9F 91 D5 A8 17 DE C5 65 C0 1B
</span><p></p>
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input name="tabs" checked="checked" id="tab1" type="radio">
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only crypto.support with proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
<!--text data -->
</div>
<!--tab-->
</body></html>������
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">�������������76 A5 C6 15 C8 0F DC A4 15 FE 16 C4 6C C3 98 D3
A4 C7 02 69 C8 E9 6B 1A 24 FF 21 B2 0B ED DC 7D
48 62 D3 A5 24 0E 75 04 81 8D C5 FC 33 E6 40 B3
70 1A 56 C0 4F 72 B1 42 66 7A A7 4F B7 3B 7C 61
BB 56 BE D2 04 DE AF 49 37 CB 48 C9 D3 85 84 E0
73 4E 8A AF AC BB 5C 8C F8 F6 DD EB 35 14 F1 E3
3D 75 7C 1B CF C3 20 4B 32 BB 10 58 D3 14 2B 60
96 76 46 32 4D 11 57 80 72 CB 7A 86 AF E6 C0 9E
8D 00 25 A9 09 27 A7 C0 47 F0 CD 18 4B 88 6B D3
6C CE DA 98 11 2D 75 65 91 B5 63 C9 EB 20 BD 57
81 42 30 7A CE EC 36 EE 13 B3 55 6F BA D4 3A 4D
75 E4 0E BA A1 1D 8A BE 3B BC 8D 80 50 93 9B 62
31 54 1A 09 CD 7F BD 9B C3 88 19 40 A5 1D C8 44
DA 23 0E 7F E6 10 DF EB 83 5D 67 08 4F 39 42 D0
BB EA 78 A9 FE 4A 07 71 A9 F6 DE 39 50 D6 68 7C
73 03 FE B3 49 48 E0 70 1D B7 90 25 B4 83 F7 08
</span><p></p>
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input name="tabs" checked="checked" id="tab1" type="radio">
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only crypto.support with proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
<!--text data -->
</div>
<!--tab-->
</body></html>������
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Targets
-
-
Target
45713d402c18d0896e03e12d1714bc68a23a4e84dae66e0e574e577e474dc032
-
Size
53KB
-
MD5
ff492cb282b0efce39d8cda1e9b0fb9c
-
SHA1
5ee1b9dca65881e174203c3a7ba90a2709850361
-
SHA256
45713d402c18d0896e03e12d1714bc68a23a4e84dae66e0e574e577e474dc032
-
SHA512
bb6ef254a60172db40925d8477ae51f11167b832650df8d981e72ecb2cc563fc693900c4a77f8b0d775dc216a3c0d44be9a5bd595f2514ee6029d43136b644b9
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-