Resubmissions

  • 11-10-2022 09:19  221011-laklssfgd6  10

  • 18-04-2022 20:28  220418-y9cfpahad5  10

General

  • Target

    7a5e20e021dc29a07cad61f4d0bdb98e22749f13c3ace58220bfe978908bb7e9.exe

  • Size

    379KB

  • Sample

    220418-y9cfpahad5

  • MD5

    5a44e1d5691ec9395281123ea0bd501f

  • SHA1

    64566d5049479227d2eff3d983b127c0339974cd

  • SHA256

    7a5e20e021dc29a07cad61f4d0bdb98e22749f13c3ace58220bfe978908bb7e9

  • SHA512

    55d85e77f70f25bae6cf8bbf5dd787d5771c2e38e99461b608f6375be9cb0b1031f3c0268b82eb03db05eb88ce37d5f37afbfc69ab0c4f90791a706013b168c8

Malware Config

Extracted

Path

C:\Documents and Settings\WANNA_RECOVER_KOXIC_FILEZ_NOLUQ.txt

Ransom Note
Hello, all your important files are encrypted and sensitive data leaked. To decrypt your files and avoid other unpleasant things you need to buy special decryption tool. Contact us via [email protected] or [email protected] and tell your UserID. This is the only way to decrypt your files and avoid public disclosure of data. Do not try to use third party software (it may corrupt your files). We respect black market rules. We can confirm the ability to decrypt your files (and of course the evidence of the leak), send us several unimportant files (do not try to deceive us). Your UserID (send it to us for decryption

Targets

    • Target

      7a5e20e021dc29a07cad61f4d0bdb98e22749f13c3ace58220bfe978908bb7e9.exe

    • Koxic

      Ransomware written in C++, first seen in late 2021.

    • Modifies Windows Defender Real-time Protection settings

    • Deletes shadow copies

      Ransomware often deletes Volume Shadow Copies and other backups to inhibit system recovery.

    • Disables taskbar notifications via registry modification

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Windows security modification
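The signatures above name behaviours but not the operations behind them. The following is an added example (not the sandbox's own rules and not code from the sample) of how a responder could turn those signature names into hunting logic over endpoint telemetry. Only the ransom note file name and the sample SHA256 come from this report; the command lines, registry values, the Sysmon-like JSON event shape, the ".locked" extension in the sample log and the rename-burst threshold are assumptions chosen to illustrate each signature, not observations from this analysis.

```python
"""Hunting rules for the behaviours the sandbox report lists for this Koxic
sample, run over constructed telemetry. Added example; not the sandbox's rules
or the malware's code. From the report: the ransom note name and the sample
SHA256. Assumed: the command lines, registry values, event format and
rename-burst threshold, since the report names the behaviours but does not
show the operations behind them."""
import json
import re
from collections import defaultdict

RANSOM_NOTE_NAME = "WANNA_RECOVER_KOXIC_FILEZ_NOLUQ.txt"  # report: Malware Config > Path
SAMPLE_SHA256 = "7a5e20e021dc29a07cad61f4d0bdb98e22749f13c3ace58220bfe978908bb7e9"

# Assumed: command lines commonly used to delete shadow copies / backup catalogs.
SHADOW_COPY_RE = re.compile(
    r"\b(vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|wbadmin(\.exe)?\s+delete\s+catalog)\b", re.I)

# Assumed: registry values whose modification corresponds to each report signature.
REGISTRY_RULES = {
    "Modifies Windows Defender Real-time Protection settings": re.compile(
        r"\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring$", re.I),
    "Disables taskbar notifications via registry modification": re.compile(
        r"\\Policies\\Explorer\\TaskbarNoNotification$", re.I),
    "Windows security modification": re.compile(
        r"\\Policies\\Microsoft\\Windows Defender\\DisableAntiSpyware$", re.I),
}
RENAME_BURST = 5  # assumed: this many files given the same new extension = mass rename


def scan(lines):
    """Map each report signature to the sorted ids of the events that trip it.

    Input is JSON lines in a constructed, Sysmon-like shape:
      {"id", "type": "process", "cmdline", "sha256"}
      {"id", "type": "registry", "target", "details"}
      {"id", "type": "file_create", "path"}
      {"id", "type": "file_rename", "old", "new"}
    """
    hits = defaultdict(set)
    renamed_by_ext = defaultdict(dict)  # new extension -> {old path: event id}
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        kind, eid = ev.get("type"), ev.get("id")
        if kind == "process":
            if ev.get("sha256", "").lower() == SAMPLE_SHA256:
                hits["Known sample hash"].add(eid)
            if SHADOW_COPY_RE.search(ev.get("cmdline", "")):
                hits["Deletes shadow copies"].add(eid)
        elif kind == "registry":
            for sig, rx in REGISTRY_RULES.items():
                if rx.search(ev.get("target", "")):
                    hits[sig].add(eid)
        elif kind == "file_create":
            if ev.get("path", "").lower().endswith("\\" + RANSOM_NOTE_NAME.lower()):
                hits["Ransom note dropped"].add(eid)
        elif kind == "file_rename":
            old, new = ev.get("old", ""), ev.get("new", "")
            # Only count renames that keep the original name and append an extension.
            if new.lower().startswith(old.lower() + "."):
                renamed_by_ext[new[len(old) + 1:].lower()][old.lower()] = eid
    for files in renamed_by_ext.values():
        if len(files) >= RENAME_BURST:
            hits["Modifies extensions of user files"].update(files.values())
    return {sig: sorted(ids) for sig, ids in hits.items()}


# Constructed telemetry; ".locked" is a placeholder, the report does not give
# the extension this sample appends. Event 5 is benign noise that no rule matches.
SAMPLE_LOG = r"""
{"id": 1, "type": "process", "cmdline": "7a5e20e0.exe", "sha256": "7a5e20e021dc29a07cad61f4d0bdb98e22749f13c3ace58220bfe978908bb7e9"}
{"id": 2, "type": "process", "cmdline": "vssadmin.exe Delete Shadows /All /Quiet", "sha256": "0"}
{"id": 3, "type": "registry", "target": "HKLM\\SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection\\DisableRealtimeMonitoring", "details": "DWORD (0x00000001)"}
{"id": 4, "type": "registry", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\TaskbarNoNotification", "details": "DWORD (0x00000001)"}
{"id": 5, "type": "registry", "target": "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive", "details": "C:\\Users\\alice\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"}
{"id": 6, "type": "file_create", "path": "C:\\Documents and Settings\\WANNA_RECOVER_KOXIC_FILEZ_NOLUQ.txt"}
{"id": 7, "type": "file_rename", "old": "C:\\Users\\alice\\Documents\\q1.xlsx", "new": "C:\\Users\\alice\\Documents\\q1.xlsx.locked"}
{"id": 8, "type": "file_rename", "old": "C:\\Users\\alice\\Documents\\plan.docx", "new": "C:\\Users\\alice\\Documents\\plan.docx.locked"}
{"id": 9, "type": "file_rename", "old": "C:\\Users\\alice\\Pictures\\cat.jpg", "new": "C:\\Users\\alice\\Pictures\\cat.jpg.locked"}
{"id": 10, "type": "file_rename", "old": "C:\\Users\\alice\\Desktop\\todo.txt", "new": "C:\\Users\\alice\\Desktop\\todo.txt.locked"}
{"id": 11, "type": "file_rename", "old": "C:\\Users\\alice\\Music\\a.mp3", "new": "C:\\Users\\alice\\Music\\a.mp3.locked"}
{"id": 12, "type": "file_rename", "old": "C:\\Users\\alice\\notes.txt", "new": "C:\\Users\\alice\\notes.txt.bak"}
"""

if __name__ == "__main__":
    for sig, ids in scan(SAMPLE_LOG.splitlines()).items():
        print(f"{sig}: events {ids}")
```

The rename rule is the one worth tuning on a real estate: a single appended extension on one file (event 12) is normal user activity, so the rule only fires when the same new extension shows up on at least RENAME_BURST distinct files, which is the pattern the "Modifies extensions of user files" signature describes. The registry and command-line patterns should be replaced with the exact values observed in your own telemetry for this sample, since the report does not list them.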

MITRE ATT&CK Enterprise v6

Tasks