General

  • Target

    40390854dd6d8c35e2946f3a43a6eca8460616fda013f4478b85c00a2e883de6

  • Size

    55KB

  • Sample

    220211-htf6yadgdr

  • MD5

    76dd963e228564a6f9ed1d4a0c881e2c

  • SHA1

    a642841bad3287dd546b723beb9192d478e4b0ca

  • SHA256

    40390854dd6d8c35e2946f3a43a6eca8460616fda013f4478b85c00a2e883de6

  • SHA512

    3a2250cce41d7ce4be751f8b2b913ac64354bfec2dfc20d4a441ba18d37085059efdf04674edf90339136bcdb5944b4dd6e1adc686dcbe5a75950a1c9a78fa43

Malware Config

Extracted

Path

C:\HOW_TO_RESTORE_FILES.html

Ransom Note
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <title>HOW TO DECRYPT YOUR FILES</title>
<style> html, body {height:100%; color: #fff; font-family: monospace; background-color: #000;} a,h1,h2,h3,h4,h5,h6 {color: #fff;text-decoration: none;} a:hover {color: #aaa;} ul {list-style: square outside;padding: 15px;} .wrap { position:relative; width: 850px; margin: 0px auto ; height:auto !important; height:100%; min-height:100%;} .contentdiv {padding:10px;} .heading { text-align: center; font-size: 25px; letter-spacing: 0px; font-weight: 700; text-transform: uppercase;} .mould{ width: 400px; display: block; margin: auto; text-align: center; position: relative;} .mould .main{ padding: 10px; margin: 5px; border-radius: 6px;} .mould .main-part { padding: 10px; font-size: 12px; font-weight: 700; background-color: #252525; background:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAQAAAAECAYAAACp8Z5+AAAAJ0lEQVQYV2NkYGD4z8vLywADjLy8vP/hPAYGBrjA58+fGUAqMVQAAPnKB51wUh2MAAAAAElFTkSuQmCC) repeat;} .mould .id-text{color: #B22222; text-align: left;} .mould .ID{overflow: auto;} .content { width: 800px; display: block; margin: auto; position: relative;} .text-data{ width: 800px; padding: 10px; font-size: 14px;} .attention { margin: 15px auto; text-align: center; font-size: 20px; color: #fff; font-weight: 700; text-transform: uppercase;} .emails { background: #191919; color: #34dddd; padding: 2px 5px; border-radius: 4px;} .tech {border-left: 5px solid #3CB371;} .our { height: auto; padding-bottom: 0; padding-left: 5px;} .our .support { font-weight: bold; text-indent: 5px; height: 10px; line-height: 20px; padding-top: 5px;} .our ul {margin-top: 0;} .our ul li {padding: 1px;} </style> </head>
<body> <!-- Head --> <div class="wrap"> <div class="contentdiv"> <div class="heading">&#9760; Your files are encrypted &#9760;</div><br /> <div class="mould"> <div class="main"> <div class="main-part"> <div class="id-text">// Your personal ID</div> <div class="ID">
<pre>[personal ID blob removed]</pre> </div> </div> </div> </div> <!-- end -->
<!-- index --> <div class="content"> <!--tab--> <hr align="center" width="800" color="White" /> <h3>ALL YOUR IMPORTANT DATA HAS BEEN ENCRYPTED</h3> <br /> <!-- end -->
<!--text data --> <div class="text-data"> To recover data you need decryptor.<br /> To get the decryptor you should:<br /> <p>Send 3 test file not more than 10Mb: <span class="emails">[email protected]</span> or <span class="emails">[email protected]</span><br /> In the letter include <span style="color:#B22222">your personal ID</span><br /> You have to pay for decryption in Bitcoins.<br /> The price depends on how fast you write to us.<br /> After payment we will send you the decryption tool that will decrypt all your files.<br /> <div class="our tech"> <div class="support"> <span style="color:#006400">Our tech support is available 24\7</span></div> <ul> <li>Do not delete: Your personal ID</li> <li>Write on e-mail, we will help you! </ul> </div> <div class="attention">&#9888; Attention &#9888;</div> <ul> <li>Do not rename encrypted files.</li> <li>Do not try to decrypt your data using third party software, it may cause permanent data loss.</li> <li>Decryption of your files with the help of third parties may cause increased price<br /> [they add their fee to our] or you can become a victim of a scam.</li> <li>Do not attempt to remove the program or run the anti-virus tools</li> <li>Attempts to self-decrypting files will result in the loss of your data</li> <li>Decoders are not compatible with other users of your data, because each user's unique encryption key</li> </ul> <!--text data --> </div> </div> </div> </div> </body> </html>
Emails

  • [email protected]

  • [email protected]
MITRE ATT&CK Enterprise v6

Tasks