7159a202d1129ee4685bc305f4c5a1b8ce664a129257af0a95acadc9b22b23d4

General

Target

25835a890a218fd26bfd8b23696576402b5eb8a4c9af4a51529e14c4f00a9cce.bin.sample.gz
Size

29KB
Sample

220415-phdp1acaa2
MD5

1a5d58d98de95c5f697d9593dcdfdcc4
SHA1

5c8ccf8030f50d97a10f7c387003b7b2c470ddf1
SHA256

7159a202d1129ee4685bc305f4c5a1b8ce664a129257af0a95acadc9b22b23d4
SHA512

e50a3399fd0783e8908cfd15e6017c89a5a585c63a5670e6a98da5c1c6da0dae1207460da50dea1521942a0463df080f884276f3d3e7cfb56482a8045397bafe

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\How To Decrypt.txt

Ransom Note

Blaze Ransomware Your data are stolen and encrypted The data will be published on TOR website http://imugmohnfb6akqz7jb6rqjusiwgnthjgm37mjygondgkwwyw3hwudkqd.onion if you do not pay the ransom You can contact us and decrypt one file for free. [email protected] Caution!! Do not modify encrypted files, otherwise you may lose all your files forever!

Emails

[email protected]

URLs

http://imugmohnfb6akqz7jb6rqjusiwgnthjgm37mjygondgkwwyw3hwudkqd.onion

Targets

- Target
  
  sample
- Size
  
  79KB
- MD5
  
  8373085c527b21c1b76748d65aac4d19
- SHA1
  
  9f87288ce3c3dcb182bb468a348813f08be3b42b
- SHA256
  
  25835a890a218fd26bfd8b23696576402b5eb8a4c9af4a51529e14c4f00a9cce
- SHA512
  
  fafccdb48a7c3b2c0efecf5934936e9faafec90619b657c3b525e61b4611870432fc0695f2d108438730d93d8b7832a90d50191c48f43fe6cb1f2f38caa717aa
Score

10^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2