General
-
Target
401ba4f6e28e07f7b9650d84a459308c0b0687745bb3ae343264346c23fc3b3f
-
Size
53KB
-
Sample
220211-htjbasdgej
-
MD5
31e64f89f72b4838ebcbbcbe5c112e6d
-
SHA1
ab32513b758bf16e38798e4d36c69c5351f6a79e
-
SHA256
401ba4f6e28e07f7b9650d84a459308c0b0687745bb3ae343264346c23fc3b3f
-
SHA512
c0a3860c531dbde5b928d641a705ddd9bd5213fef312befb5639a0511e6e954cc4298942cb3a2f6aada7d4049361d9b754818624bf74156c832f26d144d82287
Score
10/10
Malware Config
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>61 8A C5 82 90 D1 44 E1 56 F3 0E 18 9C 29 AB B5
B8 7A B3 DA 0D D7 5E 14 D3 CA 04 64 91 39 56 22
8D E0 89 CC 6E 34 45 C2 6A 84 21 B7 F3 3F FE D4
E0 B7 5F E8 20 F7 C5 2F 19 67 D6 D9 43 A2 36 91
8B 42 97 94 C4 CA E0 7C 22 3E D5 D4 27 D8 30 AB
CC 0E F7 ED F4 43 C0 7F EC AE 00 CA 12 4F 8F 82
BC F4 B8 08 EE 2D 8D DA 57 6E 04 9C 11 54 3A BC
2A D2 C0 15 4C 54 95 7F 42 FA 92 E1 10 CE 1F 34
04 44 58 47 43 46 D6 4D 11 8F D9 EA D3 04 47 36
E9 FB 0D E2 39 C8 B9 4C 2E 2A A5 97 E4 F6 15 04
3D 6D AB 1A A8 C7 4F 47 23 04 44 75 03 46 D5 8D
A0 3F F6 96 4E BE 34 3E 2A C4 A9 3C 69 C8 BD 2A
EB 97 F8 12 58 4D E2 86 DA C3 1E AC D1 EA A5 F6
F8 C9 39 4B 12 73 AD 02 12 7F 20 51 09 F4 57 FF
14 B1 6E 1A 76 F1 AE FB 35 9F 46 6C 8F 6B 56 20
4E 27 41 CB 1E 82 43 E9 09 2C CC C4 65 D6 B7 3D
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only diesel_space proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
������
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Extracted
Path
C:\how_to_back_files.html
Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<style type="text/css">
body {
background-color: #252525;
}
{
margin: 0;
padding: 0;
}
h1, h3{
text-align: center;
text-transform: uppercase;
font-weight: normal;
}
/*---*/
.tabs1{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs1 .head{
text-align: center;
float: top;
text-transform: uppercase;
font-weight: normal;
display: block;
padding: 5px;
color: #FF0000;
background: #1C1A1B;
}
.letter {
color: #FF0000;
font-weight: 600
}
.tabs1 .identi {
margin-left: 0px;
line-height: 13px;
font-size: 13px;
text-align: center;
float: top;
display: block;
padding: 15px;
background: #1C1A1B;
color: #F1EADA;
}
/*---*/
.tabs{
width: 800px;
display: block;
margin: auto;
position: relative;
}
.tabs .tab{
float: left;
display: block;
}
.tabs .tab>input[type="radio"] {
position: absolute;
top: -9999px;
left: -9999px;
}
.tabs .tab>label {
display: block;
padding: 6px 21px;
font-size: 18x;
text-transform: uppercase;
cursor: pointer;
position: relative;
color: #FFF;
background: #F1EADA;
}
.tabs .content {
z-index: 0;/* or display: none; */
overflow: hidden;
width: 800px;
/*padding: 25px;*/
position: absolute;
top: 32px;
left: 0;
background: #1C1A1B;
color: #F1EADA;
opacity:0;
transition: opacity 400ms ease-out;
}
.tabs .content .text{
width: 700px;
padding: 25px;
}
.tabs>.tab>[id^="tab"]:checked + label {
top:0;
background: #1C1A1B;
color: #E29F12;
}
.tabs>.tab>[id^="tab"]:checked ~ [id^="tab-content"] {
z-index: 1;/* or display: block; */
opacity: 1;
transition: opacity 400ms ease-out;
}
</style>
<title>HOW TO DECRYPT YOUR FILES</title>
</head>
<body>
<div class="tabs1">
<div class="head"><h3>Your personal ID</h3></div>
<div class="identi">
<pre><span class="letter">
<pre>84 12 B1 76 90 C0 C5 40 F3 C2 AC 37 DD 40 37 2E
69 8F 10 91 80 4D F4 3B 98 CD F8 5E B9 AC 96 9A
B3 C0 79 DD B0 4F 70 0B 7C D5 37 01 9C 5E 21 C6
BF CA EF E9 5D A8 BE 3A E7 81 24 4F 0C 46 78 4A
B0 92 C3 3D 6D 06 51 41 E0 63 0F 3F 10 83 C9 52
75 A8 B1 C7 31 3C A3 E9 23 84 F8 55 50 4E 49 A1
33 F0 13 FF 91 A2 E4 E2 13 C6 1D CE 63 98 52 DB
29 A4 73 70 73 E4 13 27 A8 7C 6D CB 5A 47 AD B8
35 A9 35 A6 33 D1 03 0E 00 B3 D0 73 F9 82 DC 90
30 D0 0C 64 4E 3F 35 C7 15 49 2A BA 69 60 77 35
9E 61 25 7A E8 C6 7D E7 9D A9 73 EF 4D 1F 43 BE
D5 B8 14 65 22 2D 20 ED DB B9 98 AD 0D BB 52 18
6B 16 DB BB 39 E5 27 16 2D 83 54 C7 C0 9D C9 51
D1 C5 E6 83 C6 B9 DA B2 20 48 35 06 AE 6F 4F 46
63 00 C1 4F 7E 94 28 BC 40 80 0B 81 6A 7B 26 65
32 34 F8 2C 79 FA 75 10 29 93 79 E2 D0 89 5B 41
</pre><!-- !!! dont changing this !!! -->
</div>
</div>
<!-- -->
<div class="tabs">
<!--tab-->
<div class="tab">
<input type="radio" name="tabs" checked="checked" id="tab1" />
<label for="tab1">English</label>
<div id="tab-content1" class="content">
<h1>☠ Your files are encrypted! ☠</h1>
<h3> To decrypt, follow the instructions below. </h3>
<br>
<div class="text">
<!--text data -->
To recover data you need decryptor.<br>
To get the decryptor you should:<br>
<p>Send 1 crypted test image or text file or document to <span class="letter"> [email protected]</span><br>
(Or alternate mail <span class="letter">[email protected]</span>)</p><p>
In the letter include your personal ID (look at the beginning of this document).</p>
We will give you the decrypted file as proof and assign the price for decryption all files.<p></p>
After payment you will receive a decryptor and instructions We can decrypt one file in quality the evidence that we have the decoder..<br>
<p> <center><b><p style="color: #ffff66;">MOST IMPORTANT!!!</p></center>
<hr color="#ffff66">
<center><p style="color: #ffff66;"> We are ready to work through intermediaries and guarantors.
</b></p></center>
<hr color="#ffff66">
<ul>
<li>Only diesel_space proof can decrypt your files.</li>
<li>Antivirus programs can delete this document and you can not contact us later.</li>
<li>Attempts to self-decrypting files will result in the loss of your data.</li>
<li>Decoders other users are not compatible with your data, because each users unique encryption key.
</li>
</ul>
<!--text data -->
</div>
</div>
</div>
<!--tab-->
</ul>
<!--text data -->
</div>
</div>
<!--tab-->
</div>
</div>
</body>
</html>
������
Emails
[email protected]</span><br>
class="letter">[email protected]</span>)</p><p>
URLs
http-equiv="Content-Type"
Targets
-
-
Target
401ba4f6e28e07f7b9650d84a459308c0b0687745bb3ae343264346c23fc3b3f
-
Size
53KB
-
MD5
31e64f89f72b4838ebcbbcbe5c112e6d
-
SHA1
ab32513b758bf16e38798e4d36c69c5351f6a79e
-
SHA256
401ba4f6e28e07f7b9650d84a459308c0b0687745bb3ae343264346c23fc3b3f
-
SHA512
c0a3860c531dbde5b928d641a705ddd9bd5213fef312befb5639a0511e6e954cc4298942cb3a2f6aada7d4049361d9b754818624bf74156c832f26d144d82287
Score10/10-
GlobeImposter
GlobeImposter is a ransomware first seen in 2017.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-