General

  • Target

    6b2eef51eb8d2da78055f70b99a85766ba6731a99a5c1b90eaaa80a47ca42702

  • Size

    27KB

  • Sample

    220215-kg1qxscgh7

  • MD5

    77b7e9ffa41774dd3b2947628ee4a6e1

  • SHA1

    80cd3cda8a7794050d73a8c00e388b3ac27c2493

  • SHA256

    6b2eef51eb8d2da78055f70b99a85766ba6731a99a5c1b90eaaa80a47ca42702

  • SHA512

    ac13223c483cca0404974487825f82e3390041bc6d4d3896fe4b97898c1542bb83d7324fd71a0af0caed031aee75a46df00f1605bf8363b5024f284476ec09a7

Malware Config

Extracted

Path

C:\Users\Admin\Links\HELP_DECRYPT_YOUR_FILES.txt

Ransom Note

Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $500 worth of bitcoin to wallet: bc1q6ug0vrxz66d564qznclu9yyyvn6zurskezmt64 after payment,we will send you Decryptor software contact email: CCWhite@onionmail.org Your personal ID: nF0jbQ9jJ2SkNrUdaSqAZiMKEa7opH2eDo7xKTfAIUqkry5EtaeSp7r1kJje1hIEhB65HuaombhB3t1g9aaYh82EJdp3l0MQLvhIuZ0YUPQvQ4NyKhjQttrovSDkJ5IMltMDyTNfzzWh7QbdaYqFVnTBgYD6C/fPtO+0HVv6Sm0=

Emails

CCWhite@onionmail.org

Extracted

Path

C:\Users\Admin\Links\HELP_DECRYPT_YOUR_FILES.txt

Ransom Note

Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $500 worth of bitcoin to wallet: bc1q6ug0vrxz66d564qznclu9yyyvn6zurskezmt64 after payment,we will send you Decryptor software contact email: CCWhite@onionmail.org Your personal ID: sQ21fcXpFQ/6l6KURgxOAYnyNSJcluR22jzU4w8j6/pRXJMgQlW/AaNGvlALjHtvnsvmTvnMd7Eu6yp0pKn28Qq7S0lK80w9xOge0gfdSExpIeDlarqx2bw9y2bPW42qge/BDkkB95xLCbn/u/pTc0vR85EZaMdyOOBNszVFd9w=

Emails

CCWhite@onionmail.org

Targets

    • UAC bypass

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                      Count   ID
  Privilege Escalation   Bypass User Account Control    1       T1088
  Defense Evasion        Bypass User Account Control    1       T1088
  Defense Evasion        Disabling Security Tools       1       T1089
  Defense Evasion        Modify Registry                2       T1112
  Defense Evasion        File Deletion                  2       T1107
  Discovery              Query Registry                 2       T1012
  Discovery              System Information Discovery   3       T1082
  Impact                 Inhibit System Recovery        2       T1490

Tasks