General
-
Target
xxx.exe
-
Size
38KB
-
Sample
220213-eak41adec3
-
MD5
2e936942613b9ef1a90b5216ef830fbf
-
SHA1
32c2ecf9703aec725034ab4a8a4c7b2944c1f0b7
-
SHA256
e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
-
SHA512
e0c456502fb397b212fd480cda44cb404bfde11e1392842d4b81059881e3db8f93d8b72bbdb7d35a95680f89ee91022b7662a1902dc6e21be86db0f3c4389e27
Score
10/10
Malware Config
Extracted
Path
C:\NOKOYAWA_readme.txt
Ransom Note
Dear usernamme, your files were encrypted, some are compromised.
Be sure, you can't restore it without our help.
You need a private key that only we have.
Contact us to reach an agreement or we will leak your black shit to media:
[email protected]
[email protected]
亲爱的用户名,您的文件已加密,有些已被泄露。
请确保,如果没有我们的帮助,您将无法恢复它。
您需要一个只有我们拥有的私钥。
联系我们以达成协议,否则我们会将您的黑屎泄露给媒体:
[email protected]
[email protected]
Targets
-
-
Target
xxx.exe
-
Size
38KB
-
MD5
2e936942613b9ef1a90b5216ef830fbf
-
SHA1
32c2ecf9703aec725034ab4a8a4c7b2944c1f0b7
-
SHA256
e097cde0f76df948f039584045acfa6bd7ef863141560815d12c3c6e6452dce4
-
SHA512
e0c456502fb397b212fd480cda44cb404bfde11e1392842d4b81059881e3db8f93d8b72bbdb7d35a95680f89ee91022b7662a1902dc6e21be86db0f3c4389e27
Score10/10-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Drops desktop.ini file(s)
-