maze

General

Target

3fad98638b41c813c31eb8a61c44f57658f51f15b0bd00606efb58800d7ae746
Size

453KB
Sample

220216-22tlsafchp
MD5

04c77798b1753aab4c45e0e77c9c211a
SHA1

49f9148d406126b9e22ae1ffd099bec138c5823f
SHA256

3fad98638b41c813c31eb8a61c44f57658f51f15b0bd00606efb58800d7ae746
SHA512

47ac101031661f6c1f73af851066c8afef7c6841ea6c40242df423006e5a07e8b1a33764009392a1e4c80fc693a946847ac96c5928e83da2a6b81a658c13c787

Score

10^/10

Malware Config

Extracted

Path

C:\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">8RMzltrDlDXecT4LEe2YpG1N/PJRdhtCFXmvYmkbw0VYZjcanYFHgeVy5FcD7qKXLOaRUZehQ6MGsv+H2Q7Aet4lnB323JiiWZgwy7hSidhOMyaFtHpUBRGw0evYwFmYAjkk7nmb8x0r0Rp3Eg6LzUgx/cUWaI3HMtHDvIKeScPjsClzFZd67JiF3b9RyhxnQD4hdWgzRupOBJEoOuCIfj2o1e0Edim+xbSZpAguk/qitWINs3vo8wKB25Izgb5WdKAICJYssJeKYMzUpKp81WM9au0Cb86h+GVbkNq0pMxIzqsGu5C2gHl8CDImtyuOEcwtrqBBNPVRTQOpCRQKUfLTtQr6X18wBBAfneyja2k5v4VllVhPq0hr0ftBrZVcUqCO1b94zKfR/p7TY6J4RrWBDIDJ4lS7l4pDIn+wgCRcYhhpS2ZX9weEXo13wwfsJsJjBmYv3y0GPfHGYtAJInGVIG8uroioMkIV7fTTInoR28fk1eHq5bPqt2NK92LAemExN8dP+Gc/q5EaMAeTptEUOgzpNn3XCXymli4mfhnjD/OOhYE/8fg6ssifrFSDoJuUKbIq7GzWaK/6gEYJN9uXfLVkGOmUI+OOJc3Mx7qOZr7Ivm8+mCUoh9uJDD7W50FgKu7R67G4Lfsj3hZveOOpXeIYsd51zLK9GQAZekmhwTrV8J0Kx+EKwCs+Y5S2eeACYnsprhHy9W8CbMqHA6iKmGMlj6ETfN8c1bFtdkXN4gJe/2k5Y6NWCRV/2v1pRmI3mphl6Kfjn8a+mw3zYuBJZJDnnoZJWMqqrTtNXoXFWnHK8sVVT4hIoh8ymBX2qVkRqixlEyNfHsv7iiRdpsIbPpI6jaUYXd/4s1pvmqxc/QNcfoObm4bQtM05Ec7MUqbgrYtoAxkgqAUNYDZjpVSyMwlmUL7R0sWruTnxLWvHB8fTIWUwD815dRqP4+OXRP09ZbptB3A5EVAHmZSIDyDLjWDzmFNPtjUz3OMaa8qCTKBQqE7U/xfQTKn7sV/i1TmNrPyhfDgAjB0wmVJhEQEt7pBj56aaNd4JTdfhaVphFbqXY2WmprZC8j9CYIZajjvp6wc+57fwBkDlo0Ako5mf20kg5o+r31yVcPylYdOhepwanLFWD+nB80sZR030zIX4aau3VJWISXPNADblsJKmUxVHfDGszbxAzzzzlNOWcQhLgCOw+a8eR8g2DnU18+WVw7U+2WKlEBEc508gfw+el6OME9sgz0PyUtY6E9ae6X2lZRVYHvNWpD23L1Vt+5M3f5lRtyHEz8SXC3TlHKWv2W32BCPORLs1YYdCxqh2mbFL+pGFvF8ym46AsfIXt28h2OUiIub5j/UN5WtVFY1vj7YRynTbceP0Lq/Z0GqUPubJWrL7k68/aHOrzZoCkIHpnUrdyLC3wP+B3yK2ixQN5J71KVYbB1VfDkD5L/jjCXNIe+I2JjrQ5Aw5kdSVs2Tc5E7U6GmTAQcnZ7wibkx7oDmZgaQBlxOOZTXvONXh+bvxzNcLz5TfiM2HCoZEmHX+7nPXxMVPTC1t94QqxDVVJO8oAnXAM/l7F5iIVR54bNzpLWcXOxtSZjOAfH5Rf/Q02e2hX1hR7oMc+kPHFbYQd3Z85DzYKvGZj+k/huEbt4l0Uv/sBeQ1APE8MJvMP3jly7P2285ajgjxBWdtwWMS82OPwzvNVuiwTCjYQOJ9Zlo/Hj4xdgxC0cgmb8wk3fbvpeIfZuDIzDZP0zuVt+bWy7TQ19qIxAI3+jhGFa6loLybXuFGDw2skuI6U4ql3Fa2mUOBsFOKV9vrt90eiqSgdSRcV2hdPV/SkmlFy+78V0xl1h7UdbwyqgeFtOmqzjsPltOwK8pVlxg2KP1PFzwjeRTZcaAj25BZ5X0RKWz9T6l5hT17zm6XS/LJUw/+tyG8m6mCBFSl8a+pwWOZv6gWHkTp+QTSFZJInSxLK9FX3jm+slvxRylfr7sr/Tu1XhROCDaZmQGo7+5hf4iW5DIeqeXZnqug/qCX6inaC9BBU2vPwrgzpqroj4OVfk0EgTnUx+G3Pij2+gvHt1UjD4kDh6mXFrHIQG+6hS5hggYxsj1CUpGTdkMb5PTtAmwINnVos0OIUyo+rL6Mw7RdI4irAoQgS9sAzdU2DFp86S6czbrJFjD8ND6wMHBGQthILSfvzsrYD3XZXMNBSKauTptjVamd6dZIwxqC6a2wwoZ4H/BbIZg07X99q9eXyalTVJagMQoiOAA4ADMAOAAwADkAOQA5ADgAYgAxAGMANQAzAGEAOAAAABCAYBoMQQBkAG0AaQBuAAAAIhJRAFMASwBHAEgATQBZAFEAAAAqDG4AbwBuAGUAfAAAADImVwBpAG4AZABvAHcAcwAgADcAIABVAGwAdABpAG0AYQB0AGUAAABCNnwAQwBfAEYAXwAyADAANAA4ADIALwAyADYAMQA4ADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhw8K/Ze3gBgAEBigEIMC45Lm9mZmw=<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Extracted

Path

C:\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">dkX7aGsNWJsnH+4ou6gvXOUOdEwlGUx+fMNgD3FJqXKE6zDk/qrwhPZNVh9y9MFOThveSMfN5o7luw3yKsewrIqHItBG1fv1FHDQHejA1je2P6czy3ZvOBHFkAjUMBh6N9c5zStmDi/ySJZPBrldopSmGBWzC7sRI5nf3P4doeINsZxLk0c/qxWT/WwtV2JA1Fcyla1l8fQu0dLrARfbLJ1EE8xn8A5Z0dm9aY0bHYv8K55qAPw5h196d7FfsjnwtBDPSgnvQ6NlzFLnrvfDBTjpcUlCeu9oqUrLGGVCexkzBEsoO6Q0LqBWi6eIWn2Y4QmzD3PeI4CRct9YMoBQZSIPg0X6isHgTRPA42daUGADISqqAOL1c5wAhLdx+SJwbEPVIVKItezdgcZhlQC02DLYWCpxuwYktr6crWRkwQvC6FukqxTrBQYCsGla+M6tpSV2MeQZD1/B57UFDfKE84CpkS91dgUC12OVpBmCzwbnqr9U8EAG0lb8szom/WIM84LKOApCWJuCfbnn0ewXQiOCvUvaXOIxTClL3Ornfn84eke5qgBc+JM+F1H43A/nH4xO3zf3NkkT+2T8YzVtaXrIHqKAhfOaDZ3FQT939dBZv+3p/s2yyBJzj5G07HPR+C47b+770GBeQjoEprhhY07RAgE1OLSZPIC2A3aF+BXLP7f31iRuO9KFIE7mUHakUNswmJV4W8j+hUpN7Dx6eOyOQnaVLr2coR4wC8FCjr0w3l9III+wLTJ7DXnoRA41ihcwRwil59vsUnTotsj/QIXtASknQB4VQatV4Wq2h7GlqnuZmG7aJNB+wwl1qZ1BEINcwz3iHbOMl2GJl+FuNXJwaPXWZxAg9ELswkPPE1HzPax/axNaFX9Hy2jnz4lx+IDLhespjFyUKa3bD3mzTVyP2VnIyL2bsO/Un4hWhEtbVk3YbpV6xTzPjpQk52W3hUp7jHmfJ/+PbY1uNgM0G8a9QVK8lpSnnSvtzpMtdCbEc2SrIvj+wNxlXxIVrSeBv5b/im4I+7XZfPednvTDwtRwpLWY6Or8uDjs5x2oS0h41cHFunHeYcJh8p1BclwBrE+3wbmhmMMEnBmHAjihoduAMWJLCB6yrQtfYRk5Ve4lDb9l51U4Y7MqXdE1YhQ0N2r7wEad1nirEOAw6avwirKH6DhCaufGf3BUJrNydhH2fUqcvzBw/WT7wmeauYZ5ojOZ8XfJfHN4aZjvolTJcBDSeZQmM2aia20NihnWOr1Z12CrQxSjobYlHo9OHMveyj9FEszbEQeeDJsWtldDF6LPZkQhb2jV8N222nE9esUskJA0kSov13DHi/kd50WSOj45hk/f3g7TdZYS7K9fRDcDpyr1bKeXyVhJyB31KSmRHXZ5BzqcFwYLVGFiWtYXGLT8iSDXZSa75KD5rBwPkO3m0an1e5zLBwSp2xpJcqUJjB2erw2GG+t6dTRHaHkxVslt8kmJSZhzPcy3jRjSE7ZbAgzBNXVUgfqulSj3pmybcejTPDyPOkzYDJTq0SB0FI9R+vjlqhzCfJj9zBpUID2bkjnbDDSGZfDKrvZwGw1lHWsfgNFBcsLEpvGB68oELEuCjEwSmcPe20SAC9layUkhkVu5TxGwxqfVF8+efpXXnvswEOlchAqJUv5BrMuQgeC2uleFQA3j2tteZKcIczNxoQogty1Of+rYlOmh7EK2LQ4WU5mgjVi6e984kJcrNizxgmnQNi4Ee25lNfhjIvHVokXLq8PNfNGGu6HjrOdue9eSQjJm875e1MUuSl36mliex7NIpeT4MJvrDU7LAQcKc2GIRoCWausm2xyrEQfkLt82NHOF/sfnGRckSTh3NizwGczmDQtwQNAMHzOuoNGcV/okhA+/sm1tUs9NiLHEIU8qQSSGAhXY0Mcer9vZcjPPDAUw4pGGh0pMjZppq3R8IfI9o/m87dfUTqfLBBJ8wwOCypsGQjiimdSMaWF5FLOK8FofNYP2LTCXffn+Gw6KXQ13OmchsgeL4bgkjq3ZgtaLCk/cNmqmUNtlieopBoLo88JFs2fl5oHBLX4aZl4JVr+ZnvkUXIn1dAn4NItyWsw0AlJOESEbuoA+d1lQaT+KFByy5LX8GhvG8YpCFxMr0BVZSs74sRyfDaz9+yfU5n8tHnoxhqLBZZzt//B/wAOhdeYNG2x3Exu3ncSneWzVD6FiHCbpMFEk5PWDRI++fgrqHF1GnyCjKqV2fwLYR17UMQoiOAA4ADAAMgAwADkAOQBjADIANABkADgAOAAyADQAMwAAABCAYBoMQQBkAG0AaQBuAAAAIhJKAEQAUQBQAFgATwBQAFIAAAAqDG4AbwBuAGUAfAAAADIsVwBpAG4AZABvAHcAcwAgADEAMAAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAAABCNnwAQwBfAEYAXwAyADAANAA3ADcALwAyADYAMQA4ADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhw2ZS4DngBgAEBigEIMC45Lm9mZmw=<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Targets

- Target
  
  3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363.exe
- Size
  
  453KB
- MD5
  
  248c960c1ae54103dea5bfae924f28e2
- SHA1
  
  504ce8efee0f7f8329c09c6d045a21c795a84b42
- SHA256
  
  3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363
- SHA512
  
  5b3dd4be33c48cedda5b9270a6454540e837e9611db4d43b35e7290ff7e25dd3b5c0342de6de38f12e8c7d5f291c62ef026236825134d1181e7ba5bdf8103464
Score

10^/10

maze ransomware spyware stealer trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2