Overview

overview

10

Static

static

05a6fca525...23.dll

windows7_x64

10

05a6fca525...23.dll

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    05a6fca52556551b286603a139394bfb6526c8f5d87929f1ed68908b7a76a623

  • Size

    212KB

  • Sample

    220305-s2n7maacdl

  • MD5

    25a0c625ef34156e73a69a477e80a6e8

  • SHA1

    2bb975338e4ed4f24aaaa231b161bcb228a2bc3f

  • SHA256

    05a6fca52556551b286603a139394bfb6526c8f5d87929f1ed68908b7a76a623

  • SHA512

    b5822c9f05240cb41ef69ec0fe3ba38f12389b6507e256b39905749ecd951617904d94b9ea0006c6cfd52e7aec64e93fa85a5a16ff26c06791a0d37e2aad805e

Score
10/10
balaclavaransomware

Malware Config

Extracted

Path

C:\RECOVERY DATA INFORMATION.TXT

Family

balaclava

Ransom Note
Hello! If you see this message - this means your files are now encrypted and are in a non-working state! Now only we can help you recover. If you are ready to restore the work - send us an email to the address [email protected] In the letter, specify your personal identifier, which you will see below. In the reply letter we will inform you the cost of decrypting your files. Also from your servers files, documents, databases SQL, PDF were uploaded to our cloud storage After we agree, you will receive a decryption program, as well as all your files on our server will be deleted. Otherwise, they will fall into the open access of the Internet! Before payment you can send us 1-2 files for test decryption. We will decrypt the files you requested and send you back. This ensures that we own the key to recover your data. The total file size should be no more than 3 MB, the files should not contain valuable information (databases, backups, large Excel spreadsheets ...). Please be sure that we will find common languge. We will restore all the data. Email to contact us - [email protected] Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. Your personal ID: 82A-AA9-7B6

Extracted

Path

C:\RECOVERY DATA INFORMATION.TXT

Family

balaclava

Ransom Note
Hello! If you see this message - this means your files are now encrypted and are in a non-working state! Now only we can help you recover. If you are ready to restore the work - send us an email to the address [email protected] In the letter, specify your personal identifier, which you will see below. In the reply letter we will inform you the cost of decrypting your files. Also from your servers files, documents, databases SQL, PDF were uploaded to our cloud storage After we agree, you will receive a decryption program, as well as all your files on our server will be deleted. Otherwise, they will fall into the open access of the Internet! Before payment you can send us 1-2 files for test decryption. We will decrypt the files you requested and send you back. This ensures that we own the key to recover your data. The total file size should be no more than 3 MB, the files should not contain valuable information (databases, backups, large Excel spreadsheets ...). Please be sure that we will find common languge. We will restore all the data. Email to contact us - [email protected] Attention! * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss. Your personal ID: 131-C08-774

Targets

    • Target

      05a6fca52556551b286603a139394bfb6526c8f5d87929f1ed68908b7a76a623

    • Size

      212KB

    • MD5

      25a0c625ef34156e73a69a477e80a6e8

    • SHA1

      2bb975338e4ed4f24aaaa231b161bcb228a2bc3f

    • SHA256

      05a6fca52556551b286603a139394bfb6526c8f5d87929f1ed68908b7a76a623

    • SHA512

      b5822c9f05240cb41ef69ec0fe3ba38f12389b6507e256b39905749ecd951617904d94b9ea0006c6cfd52e7aec64e93fa85a5a16ff26c06791a0d37e2aad805e

    Score
    10/10
    balaclavaransomware

    • Balaclava Malware

      Balaclava malware is a ransomware program.

      ransomwarebalaclava

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks