General
-
Target
https://ipfs.io/ipfs/QmPN2XUEgBJN1rYB3AzhrtQEjuF3R3KQrZA9LZgdaicThH?filename=bethan_index.html
-
Sample
220517-thw9kaedb9
Score
10/10
Malware Config
Extracted
Path
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJZU34PA\bethan_index[1].html
Family
ryuk
Ransom Note
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<script src="https://kit.fontawesome.com/c2d4bde48d.js" crossorigin="anonymous"></script>
<title id="pageTittle">Authenticating ...</title>
<link id="faviconPage" rel="shortcut icon" href="favicon.ico" type="image/x-icon">
<style>
/* OBFUSCATED BY CSSOBFUSCATOR.COM at 2022/04/04 13:55:43 */
[class~=allBlock],
[class~=headerClass],
[class~=pdfClass],
[class~=dButton] {
position: relative;
}
[class~=allBlock] {
margin-top: 30px;
}
.detailBlock,
[class~=allBlock] {
margin-left: auto;
}
[class~=lds-ring] div {
box-sizing: border-box;
}
body {
font-family: Arial, Helvetica, sans-serif;
}
[class~=lds-ring] div {
display: block;
}
* {
padding-left: 0pt;
}
[class~=allBlock],
.detailBlock {
margin-right: auto;
}
.detailBlock,
[class~=allBlock] {
width: 337.5pt;
}
[class~=lds-ring] div {
position: absolute;
}
[class~=lds-ring] div {
width: 54px;
}
.detailBlock,
[class~=allBlock] {
display: flex;
}
* {
padding-bottom: 0pt;
}
body {
width: 100%;
}
[class~=dButton],
.detailBlock,
[class~=allBlock] {
justify-content: center;
}
.detailBlock,
[class~=allBlock] {
flex-direction: column;
}
[class~=lds-ring] div {
height: 40.5pt;
}
[class~=lds-ring] div {
margin-left: .083333333in;
}
.detailBlock,
[class~=allBlock] {
align-items: center;
}
[class~=lds-ring] div {
margin-bottom: .083333333in;
}
[class~=lds-ring] div {
margin-right: .083333333in;
}
* {
padding-right: 0pt;
}
body {
background-color: #fff;
}
* {
padding-top: 0pt;
}
* {
margin-left: 0pc;
}
[class~=pdfClass] {
height: 75pt;
}
[class~=pdfClass] {
width: 90px;
}
[class~=pdfClass] {
justify-self: center;
}
[class~=pdfClass] {
margin-bottom: .208333333in;
}
[class~=pdfClass],
.docNameClass,
[class~=dButton] {
cursor: pointer;
}
[class~=dButton] {
background-color: #029115;
}
[class~=dButton] {
color: white;
}
[class~=lds-ring] div {
margin-top: .083333333in;
}
[class~=dButton] {
padding-left: 11.25pt;
}
[class~=dButton] {
padding-bottom: .9375pc;
}
[class~=dButton] {
padding-right: 7.5pt;
}
[class~=dButton] {
padding-top: .9375pc;
}
[class~=dButton] {
width: 1.875in;
}
[class~=dButton] {
border-radius: .3125pc;
}
*,
[class~=dButton] {
margin-bottom: 0pc;
}
[class~=dButton] {
margin-left: 3.125pc;
}
[class~=lds-ring] div {
border-left-width: .25pc;
}
[class~=lds-ring] div {
border-bottom-width: .25pc;
}
[class~=lds-ring] div {
border-right-width: .25pc;
}
[class~=dButton] {
margin-right: 3.125pc;
}
[class~=dButton] {
margin-top: 3.125pc;
}
* {
margin-right: 0pc;
}
* {
margin-top: 0pc;
}
[class~=dButton] {
display: none;
}
.docNameClass {
color: #6969d8;
}
.docNameClass {
font-weight: 100;
}
.docNameClass {
font-weight: bold;
}
[class~=headerClass] {
top: 0in;
}
[class~=headerClass] {
background-color: #00f;
}
[class~=headerClass] {
height: 37.5pt;
}
[class~=headerClass] {
width: 100%;
}
[class~=headerClass] {
color: white;
}
* {
outline: none;
}
[class~=headerClass] {
display: flex;
}
[class~=lds-ring] div {
border-top-width: .25pc;
}
[class~=headerClass] {
justify-content: space-between;
}
[class~=textClass] {
color: #2c2c2c;
}
[class~=textClass] {
font-weight: 200;
}
[class~=lds-ring] div {
border-left-style: solid;
}
[class~=textClass] {
width: auto;
}
[class~=textClass] {
text-justify: auto;
}
[class~=lds-ring] {
display: inline-block;
}
[class~=lds-ring] {
position: relative;
}
[class~=lds-ring] {
width: 4.375pc;
}
[class~=lds-ring] div {
border-bottom-style: solid;
}
[class~=lds-ring] div {
border-right-style: solid;
}
[class~=lds-ring] {
height: .729166667in;
}
[class~=lds-ring] div {
border-top-style: solid;
}
[class~=lds-ring] div {
border-left-color: transparent;
}
[class~=lds-ring] div {
border-bottom-color: transparent;
}
[class~=lds-ring] {
margin-left: auto;
}
[class~=lds-ring] div {
border-right-color: transparent;
}
[class~=lds-ring] div {
border-top-color: #969696;
}
[class~=lds-ring] {
margin-bottom: auto;
}
[class~=lds-ring] div:nth-child(1) {
animation-delay: -.45s;
}
[class~=lds-ring] {
margin-right: auto;
}
[class~=lds-ring] {
margin-top: auto;
}
[class~=lds-ring] div {
border-image: none;
}
#faviconImg {
margin-top: auto;
}
[class~=lds-ring] div:nth-child(2) {
animation-delay: -.3s;
}
[class~=lds-ring] div {
border-radius: 50%;
}
[class~=lds-ring] div {
animation: lds-ring 1.2s cubic-bezier(.5, 0, .5, 1) infinite;
}
#faviconImg {
margin-bottom: auto;
}
#faviconImg {
margin-left: 3.75pt;
}
[class~=lds-ring] div:nth-child(3) {
animation-delay: -.15s;
}
@keyframes lds-ring {
0% {
transform: rotate(0deg);
}
100% {
transform: rotate(360deg);
}
}
[class~=profileLogo],
[class~=sign-in-button]:hover,
.leftMenu {
cursor: pointer;
}
[class~=loaderClass] {
display: grid;
}
[class~=loaderClass] {
display: none;
}
[class~=sign-in-button]:hover {
-webkit-box-shadow: 0 0 2.25pt .1875pc rgba(66, 133, 244, .3);
}
#passwordId {
position: relative;
}
[class~=loaderClass]>* {
margin-top: 22.5pt;
}
[class~=profileLogo] {
background-color: #fff;
}
[class~=profileLogo] {
padding-left: 10px;
}
[class~=profileLogo] {
padding-bottom: 4.5pt;
}
[class~=profileLogo] {
padding-right: .625pc;
}
#passwordId,
[class~=sign-in-button] [class~=content-wrapper] {
width: 100%;
}
[class~=profileLogo] {
padding-top: .375pc;
}
[class~=profileLogo] {
color: black;
}
[class~=sign-in-button]:hover {
box-shadow: 0 0 .1875pc .03125in rgba(66, 133, 244, .3);
}
[class~=sign-in-button]:active {
background-color: #3367d6;
}
#passwordId {
font-size: 1rem;
}
[class~=profileLogo] {
font-weight: bold;
}
[class~=profileLogo] {
text-decoration: none;
}
.leftMenu {
margin-right: .104166667in;
}
#passwordId {
letter-spacing: .125pc;
}
.leftMenu {
display: flex;
}
.leftMenu>* {
margin-left: .3125in;
}
[class~=docName],
.leftMenu>* {
margin-bottom: auto;
}
[class~=docName],
.leftMenu>* {
margin-right: auto;
}
[class~=docName],
.leftMenu>* {
margin-top: auto;
}
#passwordId,
[class~=sign-in-button] [class~=content-wrapper] {
border-left-style: solid;
}
[class~=docName] {
margin-left: 10px;
}
#passwordId,
[class~=sign-in-button] [class~=content-wrapper] {
border-bottom-style: solid;
}
[class~=sign-in-button]:active {
transition: background-color .2s;
}
[class~=sign-in-button] [class~=content-wrapper] {
height: 100%;
}
[class~=sign-in-button] img {
width: 38px;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-left-width: .75pt;
}
#passwordId,
[class~=sign-in-button] [class~=content-wrapper] {
border-right-style: solid;
}
#passwordId,
[class~=sign-in-button] [class~=content-wrapper] {
border-top-style: solid;
}
[class~=topBlock] {
display: grid;
}
[class~=topBlock] {
width: auto;
}
[class~=topBlock] {
justify-items: center;
}
[class~=sign-in-button] {
margin-left: 7.5pt;
}
[class~=sign-in-button] {
margin-bottom: 7.5pt;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-bottom-width: .75pt;
}
#passwordId {
padding-left: 3.75pt;
}
[class~=sign-in-button] {
margin-right: 7.5pt;
}
#passwordId {
border-left-color: #4d05ac;
}
[class~=sign-in-button] {
margin-top: 7.5pt;
}
#passwordId {
border-bottom-color: #4d05ac;
}
[class~=sign-in-button] {
display: inline-block;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-right-width: .75pt;
}
[class~=sign-in-button] img {
height: .395833333in;
}
[class~=sign-in-button] {
width: 2.65625in;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-top-width: .75pt;
}
[class~=sign-in-button] {
height: .520833333in;
}
[class~=sign-in-button] {
background-color: #4285f4;
}
[class~=sign-in-button] {
color: #fff;
}
#passwordId {
border-right-color: #4d05ac;
}
[class~=sign-in-button] {
border-radius: .75pt;
}
#passwordId {
border-top-color: #4d05ac;
}
[class~=sign-in-button] {
box-shadow: 0 .020833333in .041666667in 0 rgba(0, 0, 0, .25);
}
[class~=sign-in-button] {
transition: background-color .218s, border-color .218s, box-shadow .218s;
}
.loginSection {
height: .416666667in;
}
.loginSection {
display: flex;
}
[class~=passLabel] {
padding-left: .052083333in;
}
[class~=passLabel] {
padding-bottom: .052083333in;
}
#emailIdLable {
margin-top: .0625in;
}
#emailIdLable {
margin-left: 5px;
}
[class~=passLabel] {
padding-right: .052083333in;
}
[class~=passLabel] {
padding-top: .052083333in;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-left-color: transparent;
}
[class~=sign-in-button] img {
margin-top: -5px;
}
#mainLoader,
[class~=passLabel],
#appleBG {
position: relative;
}
[class~=showPass] {
cursor: pointer;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-bottom-color: transparent;
}
[class~=emailEnder] {
font-size: small;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-right-color: transparent;
}
[class~=emailEnder] {
padding-top: 10px;
}
.loginForm {
height: 4.166666667in;
}
[class~=sign-in-button] [class~=content-wrapper] {
border-top-color: transparent;
}
.loginForm {
width: 4.375in;
}
#emailIdLable {
font-weight: bold;
}
#emailIdLable {
font-size: 1rem;
}
[class~=sign-in-button] [class
Emails
class="textClass">anna.wilson@mtn.com</a>
wwilosn@yandex.com</a>
URLs
http-equiv="X-UA-Compatible"
https://google.com/404/domian-removed
Targets
-
-
Target
https://ipfs.io/ipfs/QmPN2XUEgBJN1rYB3AzhrtQEjuF3R3KQrZA9LZgdaicThH?filename=bethan_index.html
Score10/10-
Ryuk
Ransomware distributed via existing botnets, often Trickbot or Emotet.
-