General

  • Target

    fefd1117c2f0ab88d8090bc3bdcb8213daf8065f12de1ee6a6c641e888a27eab.bin

  • Size

    38KB

  • Sample

    220311-23y8nacde4

  • MD5

    22a006b6d19558c3cebd708b2b0543bc

  • SHA1

    2d92468b5982fbbb39776030fab6ac35c4a9b889

  • SHA256

    fefd1117c2f0ab88d8090bc3bdcb8213daf8065f12de1ee6a6c641e888a27eab

  • SHA512

    821833b5ffbb2f80f12214d969c033c23126fc2f4ef44f30d8b88236906512db5631e029f55d13869a4dc90e7bbee27fcfb8a391300178e4f055e22213d7b97b

Score
10/10

Malware Config

Extracted

Path

C:\NOKOYAWA_readme.txt

Ransom Note
Dear usernamme, your files were encrypted, some are compromised. Be sure, you can't restore it without our help. You need a private key that only we have. Contact us to reach an agreement or we will leak your black shit to media: charlefletcher@onionmail.org Johnatannielson@protonmail.com 亲爱的用户名,您的文件已加密,有些已被泄露。 请确保,如果没有我们的帮助,您将无法恢复它。 您需要一个只有我们拥有的私钥。 联系我们以达成协议,否则我们会将您的黑屎泄露给媒体: charlefletcher@onionmail.org Johnatannielson@protonmail.com
Emails

charlefletcher@onionmail.org

Johnatannielson@protonmail.com

Targets

    Score
    10/10
    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1)

    T1012

  • Peripheral Device Discovery (1)

    T1120

  • System Information Discovery (1)

    T1082

Tasks