maze

General

Target

4ff7eb34e69bc60cb01eea3098f88f4b729d4158b14939b012247b341452a75c
Size

513KB
Sample

220216-2zed3seba8
MD5

26328ef6a8d0476111b18a14fb84227b
SHA1

0386e019f5d1b581f75ba8a91dd204a0ffb7c8e1
SHA256

4ff7eb34e69bc60cb01eea3098f88f4b729d4158b14939b012247b341452a75c
SHA512

c74660fff3e5e82fba0bc57955f0a68f350eec7aebb40a0322ea81818ee61859a20cf47e94a35d531b98b83cca852a45e5e9ecc2ffce531b14c145f88432d97f

Score

10^/10

Malware Config

Extracted

Path

C:\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">TZ8twkrbdzMc8aQxnipJKX8Z8A2oq/Vn/bO8dEQfBSd+pxQT68hczfevMHYCLlTMyeWI/JpeUU58CJxd1lEV5fd3omVTb3Qy08o9AsmDdliMO5p0R2S7Sa2Xi1w0uYc1Du+xPee8nMkUVzVcHFI8nD+a9HafFwa9MbeB4gsU+df2oYwDeCsdzC1+Zdoe3QPkRNGDIWKUUZIiC0y9ehYEpdrk1gQWUdp6r/uOzXslX3YrsGNVR02Eu4upcy5fdeWfjVfu3sMzItgpLebp7RYyd/ASjnDIlMCkvpxvQfNfDTM4J1A+1xP4TsT1I0tnvJ9m5nIUBoeWDSMCp9Ynvlu6YnkwGNR7IM0CF0bJK9J6AV48h/TKwrMcZB37AP5o2XhS18poOpf69hdKgRKRnMxWAZJP/Xln9bjg/0h5WK0hJD0BuCzPoKduoTAG6ykUBqV3Il8zDvyAOq4CuaQ6Z8R+mnc7sVS8LV52Gl89oacosy+VOVw5vZxvdNBcwnGrWjSpkfWdwNmzradYbW1hSIvIL2L/l7V+BjZa5kAjL2uSzeMn9tDD6pcAgoRAJ7ItUco19mT0W84knk/vX16FBy4Dfpq6QBoG7hVOQunMVBWBQd3CJOo0IHRpVKCmw2GOn19EGV/+lsla7+XjJfGEMP2F/CH26Rzy4NHD3c2WdZD0fHbsdxKnOLFfJRwul72a44k5w/CGdZc6Uqn8+wNIoSR5YigWJZCTB7/EU2o0RRzmrbQ/gwaKpJ3SpecUXq/EUnBewbc1fKq5ymJO3iZih2jaSyQfYF48W1jTyDiR4Oht38xgCE0cV9oiIzE7q6QFsleMw5NIhBqn7scy4pSntAvkuU7zhjv0JssfNtJwBJV0130DnvFqSmYMTtnyxKo/VJIRbHN+EKL2EpetxZLPvJ7GEHOYGOXHjtnzZtxs5Nc1KKG5+sRM07CYTV+98fAJlOauwr6vQtEBqFZV55NKyHu+grrD/AStk2Hq8uzSDdgv72fANbz+ohNQDflA6UGwdw2OSl44WIfzSifJMCokHhyojajibVzEboaWUyCCfGU5JnXdldH2CSAak9ZuK2evoTZePa9zR4oohXThVK7CQ/5VDWf2XYkWsvxT26u/uTGacaTg6Qkp5Mcq0KJUwBLp9xjyTi05bI5XagFB7qg/MEhhMm+nkIu1ZRrqwse/DBqqW+aWeVPjKLjupzDumJ/jfz3zt8LauBDtLglJRkcYgiCptJz5XVZO9ZLEkvpDh6EgtQoh6XHAJ6lXqWfmsoq8/xKQeVsG+xm0+HikZ/+z61f5D39okbGQLEZ/NflMdXh5+PU670B5fND0KyfROl+D1nX8ajrMVoBULEnq2mbJVirqjicOa2slM0ga0yUhDLy7eC+19IXdAsLHkYTnhW+ttE/SXQg3UnICGUIAB9My5evuXA8UToPcY2zGbtZdpwdtqxXVW82D75V4wKNykiuDn2sgP0cSOIV7W551CFtCHtr+N0m7EBfuqN9FToZE86hCG+ZpGDib96cISpe/RCjd8i7Ize//jr5VbLE9/EiW8hp68hDiMtsEWvtvvPByqngt7Kyws/FwxwJv79wYjkb6PLQrLYyBW4l5l2fyCpjXxia1ZDBLlkF3wTwNHhSGHMESG72mNpRXs3jcaT9P9RpTfTbAT4XowXvXJ4gLmTiv3gHmowuRaIYSr6froLd7w1yRznhwj6KThWD4CcvKwZo0hYB3RyjJX/mbFjLsHj0gAOCdn3Yeg/RdaOYSoW/oLRYCxIFF3KBjb9Yt9a7enNPex0SmojhwoNytXUkwgcjFm7SoaRlVwdi20ZHgP2FVeYVeUUsg46vCKK4VlapbgBJGPjr3uMtfo6r8ldbO4TEvqlSCkeYKqbyzdycI9VE5mWym9qOakywk3IpfZ2mfS7Ow/gRrT+5C6L+bhV90c7DCHgYaB9AT35fc/mjNUuzzkCD+1p6uJCxaQH3HL3hwA75TlQdki7jK0xtQ+yYOY+hR2eFfje+3nPnOCXf7WPTLJYxeJeq2sUkCrM/LaPldF/lQKYP4C1BXn0CkFK8pAXRvaB2jk4+VHl1V+Yd0Z8VkzxdWZtxch9c6vitZLf4Iaj8nRAkFjPrCAlnThPuLkPxvXv6e9dOWPnNAzenNSQr7PKDad9+PUAhnioE0FL7Zz+3FVUuZbGMDFH0kLtt8uAVDJMAOUBDhKU4p8iQPfnfkt4drEIU/gOIAu5nMyx/IXc651ZEhzKKUnAoiOAA5ADIAZQAwADkAOQBjAGUANwAxADUAYgAwADkAZQAAABCAYBoMQQBkAG0AaQBuAAAAIhJWAFEAVgBWAE8AQQBKAEsAAAAqDG4AbwBuAGUAfAAAADImVwBpAG4AZABvAHcAcwAgADcAIABVAGwAdABpAG0AYQB0AGUAAABCNnwAQwBfAEYAXwAyADAANAA4ADMALwAyADYAMQA4ADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhwpYHae3gDgAECigEDMS4w<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Extracted

Path

C:\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">l6Z/JWC+edeb++CvH7+W08q97NW6sjAI2/PZjhy67ivnLQCMNcL3ZeGHX4k7GNn+vNMtdYyLJFVaz103PhKpSSk5Sy1RmRfFSX+e5J7SuxdiLREbaTEjOy4pzeHcRoztkMrwkUxiRqpyb3CuCvRiBOcgIuWU8xPe9OhtlaAtgPFyGMkwypDHIkPbN85O5O8Nrb71Uz059UpGUtSQBgW/FDs9CYm9gPI/Carne4LEPV0KTLIzu6oUS7HslVT2Bg9GIshUmweREB0DJKla67tLRSzO6AY0ageP8JsC7awvzMGyFOWqPfk5Zv0Et9QN/ijegUmUrshc7nsaAFjYmyTKpWKAi8qbhQHhL8TEitRrdk1DA3rjRUSfl6xyM/k+qEkEVYocVl5WlIoSptWof0QTlcYgxHfUd7Ru8D0ZRbSDcS2y2t5eK8bHNRpK5ffhxSh0QcpRHe4PQ9+9kZd34l3EKammUsUHcuErJUhzTIiU0jR0NQb1UHogXOC5W5LO/6SXuEnCRfpFHUmZmg103NPBfmhogCkP8RjSLgJRwPkvq/9xxsiq/nyDk7MSO0jIPWYwbtcJjG94z/VpZRN32uMOOiCP+58hv3Gl1nk1aoYMMwoU0n509R0znDwY22jTHUexp1bldQDBaMknUyWk5tii6sT9uqQVkfk4qbe2G7JBsa3+zux5NjFvI7jYa3qY2FcpZEwfeEE9IWvJBIinhp/RywlSdD8YWi+ahsRR0ypw6KmbYFcFr+xBwr847oyB+AVopGiMk8B70KM/46Xkx08WbSIuFNXmveqiepGm/g2nJcozVCEv5PBRo91sst0JX6nmrc1EmTalO+kVg/P0+rHc97zxzjj4Kqom0RfDh/t6G2BKVOmcPQFv7HPPqM95k8beygLwvdnj1TC5SRrqh1DGqqSbbUZ5t4N/IZw2ewTSvFwroqDFgqPHtIwiBhrJrwL4HPZc3c5mx1vXn8/Ps97ix5N/j6DXKGol2lfILUFnak++GMgzB2MSawVlxLDjdqjj/Ec5wwUtqqnayNIdrjye0KH2E5y5RvqjLLeBKfql6Eb4SF02+/lbCAW/t4iZgOKga6s/27sQkF8RECv00Mg/2vzNoSnFOBGCW9+71F0RY9zpyRb1+5XC13PnzHGG74ib0LLizTw8PMalse4YbyWzA5tcmFcVkLzNoDpPgowBKmIk993IiAd5fy8ZqLF/a6HiR9wreeu2ybpIuO3z1KobIJzneE2LCRIH5xFM1ViUiAR0VYR8DkAi//ghlfzfVY0rdfWG0cKq33UQ5KLjHh/9i9RrfvSZqgilVQ/YAk5mptyTZIEqO6XzLE2ighaukJ91Jj8XAyBOj+RcXi8BdLn/b0bswfFsSPzumsmFA8Z8bahDak4k7oAzA5WHd3K4MtKdcQjf0YgEtAUz+C31Zgm/vTi0cieOsT5TcW4ExA4om/1XR+MaEGXCH40ZVnKlSTDPXu7ctPwefLxOzx4c1LzBli4LQB1HyjD0JZR0e1QBP1kn12FBQJYXU5UO28BR9ltqYZu1/Epe7mcui12fOV31MFUkOXif/zuqGd/yf/ck3W1jophJE9Cg9rLmNOSeciFzxxaHV4yEt4+taUAj1H0Rmfn4X51/5NIW4wopWZsu2GdGC2il8IvmAAN7IRQU8vvyGPb98K6zhfUnthWMzpshye+qNrNIkM2ozNlF4ykqKTbkJ9V5OZRXKLIYHbYE6vq2KBUC37Si2ufhX/08pTgHqEM3pYsqQqUUj7NA3VNIAynXT9J3H/ahZdhamwNDIv7RaDMlOur4jD4M0l/KoLfb9dNAcPF/qXdXkv15h/eyZBLg7W9xGOANkkPyCmFNJFbjaiqg/lRXURWTpbdpgwCm/YCDls6OxtJTfJC+pb3ffXjfI+zL4U2pJShWQU2HXvtMy5DKXnjqvA0zq7rZb87P2nwkZ2jEiF3vtsPlKjg/HTbGHYcW8Igm344l+MG4/8wbkGpm6+s2/8c8Scu0qS99HxKn+VhX2pEQzG8FcDE4jJ3s2I0y0Mun3l67QHjcxiB+qCFn72+IGl5RxTuZdpOV7xlY//kn4bujXDBOengYCfa+sL12OKHQTWA6uCOKMGi/h2sF5+ZTEgqesqvzvfA9jSd4L7BvlQsgb+w26lfVFVF88OgDUdfx0jhjKWEOaF3g3A5YGRv/NdiI8N58SDPhBqvR5qER4Xwd/t5HJzHMHvPG4+6Alaks8HNRNIBAy11azIj40goiOAA4ADAAMgAwADkAOQBjAGUAYgA0ADQAYgBiAGIANQAAABCAYBoMQQBkAG0AaQBuAAAAIhJKAEQAUQBQAFgATwBQAFIAAAAqDG4AbwBuAGUAfAAAADIsVwBpAG4AZABvAHcAcwAgADEAMAAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAAABCNnwAQwBfAEYAXwAyADAANAA3ADkALwAyADYAMQA4ADQAMQB8AEQAXwBVAF8AMAAvADAAfAAAAEgAUEBYiQhgiQhoiQhwl/a3DngDgAECigEDMS4w<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Targets

- Target
  
  4ff7eb34e69bc60cb01eea3098f88f4b729d4158b14939b012247b341452a75c
- Size
  
  513KB
- MD5
  
  26328ef6a8d0476111b18a14fb84227b
- SHA1
  
  0386e019f5d1b581f75ba8a91dd204a0ffb7c8e1
- SHA256
  
  4ff7eb34e69bc60cb01eea3098f88f4b729d4158b14939b012247b341452a75c
- SHA512
  
  c74660fff3e5e82fba0bc57955f0a68f350eec7aebb40a0322ea81818ee61859a20cf47e94a35d531b98b83cca852a45e5e9ecc2ffce531b14c145f88432d97f
Score

10^/10

maze ransomware spyware stealer trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2