General
-
Target
415f0eafa836fdb515e825484e37cd3e761c3dfff922f8b9426e53a6155781d0
-
Size
53KB
-
Sample
220211-htchracag7
-
MD5
cb379148ae15024738913e5853f19381
-
SHA1
352b5ed355e1e4ff070aefe07ecd77f5e53948c0
-
SHA256
415f0eafa836fdb515e825484e37cd3e761c3dfff922f8b9426e53a6155781d0
-
SHA512
7c51604710f126bed2fb622c9f5e35ac41fc9dbe18d861c218a393db4b15e4b71b0a1daeea5662400bf99450be1f6ea591dec8d3f42f58c32d0675ecd66dae21
Score
10/10
Malware Config
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>91 0C 73 3B 85 9C 35 C5 68 F0 1B 20 27 FF 3A 5D
E2 E8 01 36 F0 58 F0 60 30 1D 19 AD 45 BE 09 7A
5D 4F B5 EA 68 64 55 81 88 07 7E 81 C8 A2 9A 6F
8E A6 2A 9A 1A 8B 37 DB 73 BE 0D D9 C1 10 E8 C2
67 D5 64 89 A6 92 3D D1 DF 76 2B 9D ED 69 24 6F
35 4F 3C 65 38 11 B1 66 A8 98 11 48 4B 7E 27 50
50 F9 F4 39 BC 6A 77 4D 10 5F 6B E1 5F 19 AA 60
86 EC A5 A9 57 DC 64 E9 7A 9D C2 75 E6 6C 58 B9
72 A7 7C BD 14 FA FF 1D 0B D5 18 9C 26 EB E8 39
FF D8 10 F1 56 8F E1 1D DC 42 4A D7 05 DB 2F AA
BD 96 DE FA D6 B0 05 BB 15 AD 39 54 24 E3 65 A3
30 C3 60 53 EA 5A AB CF B0 7F 56 FB 8E A0 3C 65
9C 89 9C 00 B6 90 FF 16 70 C7 56 5D 8A ED 2A F5
3A 47 72 96 31 47 2D ED EC 45 65 86 C0 5C 5D CC
77 81 4B 40 66 F7 B7 56 8F 28 8B 38 0A 8B CB AC
E8 50 18 BB 39 81 51 3B DE B1 70 6C 73 8A 7A A9
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only decoder_master proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>6B 80 57 F3 AF 3B 11 91 39 3A 55 E3 31 B3 71 87
93 24 D9 A7 75 35 8C 94 4B 8C 4B 28 AF 14 41 E7
C0 18 0A 37 D0 45 24 F3 51 A7 F8 2F A0 4D D4 A5
64 E5 7B A0 2E 3B CE BA 3F 9B 31 CD 5F 81 34 2D
B1 42 4A 31 60 B3 AE 78 FD 82 F3 85 33 1C DF 26
29 43 A3 29 DD D6 B4 7C 73 7C 6F 96 DB C3 BB 47
3A 5F C4 B8 4C 6F 33 C3 C2 26 DF 30 53 7F 2C BB
7C F6 91 A9 64 41 BD C8 D1 0B 5C 87 C1 9E EC 9A
47 ED 6E 3A 5F 47 4B 14 F3 91 CF 53 D9 3B CC A5
76 AE 60 36 53 75 0C 43 83 64 C6 EE 16 2E 0D DF
7F AF 70 8D 96 DF 86 9A 09 E5 48 E9 B0 5A 94 B3
0C 97 8B 1C 3D B2 37 D4 A7 19 49 61 49 D7 C1 8C
09 26 DE 41 D2 64 D7 2C 1F 7D FD 27 45 BF 95 29
37 2D D5 41 81 18 61 C5 78 FD 2A 28 CE 83 9B 4C
CA 46 12 9E 75 0D 1E D0 C8 81 19 10 2C A5 ED 0C
A2 96 47 2C 4C B9 47 D1 F4 01 A5 AB 54 3E F6 62
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only decoder_master proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Targets
-
-
Target
415f0eafa836fdb515e825484e37cd3e761c3dfff922f8b9426e53a6155781d0
-
Size
53KB
-
MD5
cb379148ae15024738913e5853f19381
-
SHA1
352b5ed355e1e4ff070aefe07ecd77f5e53948c0
-
SHA256
415f0eafa836fdb515e825484e37cd3e761c3dfff922f8b9426e53a6155781d0
-
SHA512
7c51604710f126bed2fb622c9f5e35ac41fc9dbe18d861c218a393db4b15e4b71b0a1daeea5662400bf99450be1f6ea591dec8d3f42f58c32d0675ecd66dae21
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-