General

  • Target

    inf.inf

  • Size

    1.3MB

  • Sample

    220503-n5b91sgcdk

  • MD5

    73dea1a75637e14f6fcd012fe2815636

  • SHA1

    f1edca0d6464b76bc4956352571d8941c02d2c4e

  • SHA256

    fd03dd58aa7cb5236f4df8cde3fb07af304c6f402cd48b86eefcecb8e7b86883

  • SHA512

    f6dc462194037a5c4e0b186088f1fd75befe4cb88bf1dcc7477987951332fc18f8aa66389d567e01677990b022fea6849a66a24510027794e12e2a517edde8d0

Malware Config

Extracted

Path

C:\README1.txt

Ransom Note
Baши фaйлы были зaшифpoBaHы. Чmoбы pacшифpoBaTb ux, BaM HeoбxoдиMo omnpaBumb кoд: 4B08EC2F4E6A7711A7AA|836|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы пoлyчиme Bce HeoбxoдиMыe иHcmpykции. ПonыTkи pacшифpoBaTb caMocmoяmeлbHo He пpиBeдym Hи к чeMy, kpoMe бeзBoзBpamHoй nomepu uHфopMaции. Ecлu Bы Bcё жe xoTume nonыmambcя, To npeдBapuTeлbHo cдeлaйme peзepBHыe konиu фaйлoB, иHaчe B cлyчae ux изMeHeHuя pacшифpoBka cmaHem HeBoзMoжHoй Hu пpu kakиx ycлoBияx. Ecли Bы He пoлyчuлu oTBeTa пo BышeykaзaHHoMy aдpecy B meчeHиe 48 чacoB (и Toлbкo B эmoM cлyчae!), BocпoлbзyйTecb фopMoй oбpaTHoй cBязu. ЭTo MoжHo cдeлaTb дByMя cпocoбaMи: 1) Cкaчaйme u ycmaHoBиme Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMиTe Enter. Зarpyзиmcя cmpaHuцa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe nepeйдиme no oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4B08EC2F4E6A7711A7AA|836|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README2.txt

Extracted

Path

C:\README3.txt

Extracted

Path

C:\README4.txt

Extracted

Path

C:\README5.txt

Extracted

Path

C:\README6.txt

Extracted

Path

C:\README7.txt

Extracted

Path

C:\README8.txt

Extracted

Path

C:\README9.txt

Extracted

Path

C:\README10.txt

Targets

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
