https://ipfs.io/ipfs/QmPN2XUEgBJN1rYB3AzhrtQEjuF3R3KQrZA9LZgdaicThH?filename=bethan_index.html

General
Target

https://ipfs.io/ipfs/QmPN2XUEgBJN1rYB3AzhrtQEjuF3R3KQrZA9LZgdaicThH?filename=bethan_index.html

Sample

220517-thw9kaedb9

Score
10 /10
Malware Config

Extracted

Path C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FJZU34PA\bethan_index[1].html
Family ryuk
Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <script src="https://kit.fontawesome.com/c2d4bde48d.js" crossorigin="anonymous"></script> <title id="pageTittle">Authenticating ...</title> <link id="faviconPage" rel="shortcut icon" href="favicon.ico" type="image/x-icon"> <style> /* OBFUSCATED BY CSSOBFUSCATOR.COM at 2022/04/04 13:55:43 */ [class~=allBlock], [class~=headerClass], [class~=pdfClass], [class~=dButton] { position: relative; } [class~=allBlock] { margin-top: 30px; } .detailBlock, [class~=allBlock] { margin-left: auto; } [class~=lds-ring] div { box-sizing: border-box; } body { font-family: Arial, Helvetica, sans-serif; } [class~=lds-ring] div { display: block; } * { padding-left: 0pt; } [class~=allBlock], .detailBlock { margin-right: auto; } .detailBlock, [class~=allBlock] { width: 337.5pt; } [class~=lds-ring] div { position: absolute; } [class~=lds-ring] div { width: 54px; } .detailBlock, [class~=allBlock] { display: flex; } * { padding-bottom: 0pt; } body { width: 100%; } [class~=dButton], .detailBlock, [class~=allBlock] { justify-content: center; } .detailBlock, [class~=allBlock] { flex-direction: column; } [class~=lds-ring] div { height: 40.5pt; } [class~=lds-ring] div { margin-left: .083333333in; } .detailBlock, [class~=allBlock] { align-items: center; } [class~=lds-ring] div { margin-bottom: .083333333in; } [class~=lds-ring] div { margin-right: .083333333in; } * { padding-right: 0pt; } body { background-color: #fff; } * { padding-top: 0pt; } * { margin-left: 0pc; } [class~=pdfClass] { height: 75pt; } [class~=pdfClass] { width: 90px; } [class~=pdfClass] { justify-self: center; } [class~=pdfClass] { margin-bottom: .208333333in; } [class~=pdfClass], .docNameClass, [class~=dButton] { cursor: pointer; } [class~=dButton] { background-color: #029115; } [class~=dButton] { color: white; } [class~=lds-ring] div { margin-top: .083333333in; } [class~=dButton] { padding-left: 11.25pt; } [class~=dButton] { padding-bottom: .9375pc; } [class~=dButton] { padding-right: 7.5pt; } [class~=dButton] { padding-top: .9375pc; } [class~=dButton] { width: 1.875in; } [class~=dButton] { border-radius: .3125pc; } *, [class~=dButton] { margin-bottom: 0pc; } [class~=dButton] { margin-left: 3.125pc; } [class~=lds-ring] div { border-left-width: .25pc; } [class~=lds-ring] div { border-bottom-width: .25pc; } [class~=lds-ring] div { border-right-width: .25pc; } [class~=dButton] { margin-right: 3.125pc; } [class~=dButton] { margin-top: 3.125pc; } * { margin-right: 0pc; } * { margin-top: 0pc; } [class~=dButton] { display: none; } .docNameClass { color: #6969d8; } .docNameClass { font-weight: 100; } .docNameClass { font-weight: bold; } [class~=headerClass] { top: 0in; } [class~=headerClass] { background-color: #00f; } [class~=headerClass] { height: 37.5pt; } [class~=headerClass] { width: 100%; } [class~=headerClass] { color: white; } * { outline: none; } [class~=headerClass] { display: flex; } [class~=lds-ring] div { border-top-width: .25pc; } [class~=headerClass] { justify-content: space-between; } [class~=textClass] { color: #2c2c2c; } [class~=textClass] { font-weight: 200; } [class~=lds-ring] div { border-left-style: solid; } [class~=textClass] { width: auto; } [class~=textClass] { text-justify: auto; } [class~=lds-ring] { display: inline-block; } [class~=lds-ring] { position: relative; } [class~=lds-ring] { width: 4.375pc; } [class~=lds-ring] div { border-bottom-style: solid; } [class~=lds-ring] div { border-right-style: solid; } [class~=lds-ring] { height: .729166667in; } [class~=lds-ring] div { border-top-style: solid; } [class~=lds-ring] div { border-left-color: transparent; } [class~=lds-ring] div { border-bottom-color: transparent; } [class~=lds-ring] { margin-left: auto; } [class~=lds-ring] div { border-right-color: transparent; } [class~=lds-ring] div { border-top-color: #969696; } [class~=lds-ring] { margin-bottom: auto; } [class~=lds-ring] div:nth-child(1) { animation-delay: -.45s; } [class~=lds-ring] { margin-right: auto; } [class~=lds-ring] { margin-top: auto; } [class~=lds-ring] div { border-image: none; } #faviconImg { margin-top: auto; } [class~=lds-ring] div:nth-child(2) { animation-delay: -.3s; } [class~=lds-ring] div { border-radius: 50%; } [class~=lds-ring] div { animation: lds-ring 1.2s cubic-bezier(.5, 0, .5, 1) infinite; } #faviconImg { margin-bottom: auto; } #faviconImg { margin-left: 3.75pt; } [class~=lds-ring] div:nth-child(3) { animation-delay: -.15s; } @keyframes lds-ring { 0% { transform: rotate(0deg); } 100% { transform: rotate(360deg); } } [class~=profileLogo], [class~=sign-in-button]:hover, .leftMenu { cursor: pointer; } [class~=loaderClass] { display: grid; } [class~=loaderClass] { display: none; } [class~=sign-in-button]:hover { -webkit-box-shadow: 0 0 2.25pt .1875pc rgba(66, 133, 244, .3); } #passwordId { position: relative; } [class~=loaderClass]>* { margin-top: 22.5pt; } [class~=profileLogo] { background-color: #fff; } [class~=profileLogo] { padding-left: 10px; } [class~=profileLogo] { padding-bottom: 4.5pt; } [class~=profileLogo] { padding-right: .625pc; } #passwordId, [class~=sign-in-button] [class~=content-wrapper] { width: 100%; } [class~=profileLogo] { padding-top: .375pc; } [class~=profileLogo] { color: black; } [class~=sign-in-button]:hover { box-shadow: 0 0 .1875pc .03125in rgba(66, 133, 244, .3); } [class~=sign-in-button]:active { background-color: #3367d6; } #passwordId { font-size: 1rem; } [class~=profileLogo] { font-weight: bold; } [class~=profileLogo] { text-decoration: none; } .leftMenu { margin-right: .104166667in; } #passwordId { letter-spacing: .125pc; } .leftMenu { display: flex; } .leftMenu>* { margin-left: .3125in; } [class~=docName], .leftMenu>* { margin-bottom: auto; } [class~=docName], .leftMenu>* { margin-right: auto; } [class~=docName], .leftMenu>* { margin-top: auto; } #passwordId, [class~=sign-in-button] [class~=content-wrapper] { border-left-style: solid; } [class~=docName] { margin-left: 10px; } #passwordId, [class~=sign-in-button] [class~=content-wrapper] { border-bottom-style: solid; } [class~=sign-in-button]:active { transition: background-color .2s; } [class~=sign-in-button] [class~=content-wrapper] { height: 100%; } [class~=sign-in-button] img { width: 38px; } [class~=sign-in-button] [class~=content-wrapper] { border-left-width: .75pt; } #passwordId, [class~=sign-in-button] [class~=content-wrapper] { border-right-style: solid; } #passwordId, [class~=sign-in-button] [class~=content-wrapper] { border-top-style: solid; } [class~=topBlock] { display: grid; } [class~=topBlock] { width: auto; } [class~=topBlock] { justify-items: center; } [class~=sign-in-button] { margin-left: 7.5pt; } [class~=sign-in-button] { margin-bottom: 7.5pt; } [class~=sign-in-button] [class~=content-wrapper] { border-bottom-width: .75pt; } #passwordId { padding-left: 3.75pt; } [class~=sign-in-button] { margin-right: 7.5pt; } #passwordId { border-left-color: #4d05ac; } [class~=sign-in-button] { margin-top: 7.5pt; } #passwordId { border-bottom-color: #4d05ac; } [class~=sign-in-button] { display: inline-block; } [class~=sign-in-button] [class~=content-wrapper] { border-right-width: .75pt; } [class~=sign-in-button] img { height: .395833333in; } [class~=sign-in-button] { width: 2.65625in; } [class~=sign-in-button] [class~=content-wrapper] { border-top-width: .75pt; } [class~=sign-in-button] { height: .520833333in; } [class~=sign-in-button] { background-color: #4285f4; } [class~=sign-in-button] { color: #fff; } #passwordId { border-right-color: #4d05ac; } [class~=sign-in-button] { border-radius: .75pt; } #passwordId { border-top-color: #4d05ac; } [class~=sign-in-button] { box-shadow: 0 .020833333in .041666667in 0 rgba(0, 0, 0, .25); } [class~=sign-in-button] { transition: background-color .218s, border-color .218s, box-shadow .218s; } .loginSection { height: .416666667in; } .loginSection { display: flex; } [class~=passLabel] { padding-left: .052083333in; } [class~=passLabel] { padding-bottom: .052083333in; } #emailIdLable { margin-top: .0625in; } #emailIdLable { margin-left: 5px; } [class~=passLabel] { padding-right: .052083333in; } [class~=passLabel] { padding-top: .052083333in; } [class~=sign-in-button] [class~=content-wrapper] { border-left-color: transparent; } [class~=sign-in-button] img { margin-top: -5px; } #mainLoader, [class~=passLabel], #appleBG { position: relative; } [class~=showPass] { cursor: pointer; } [class~=sign-in-button] [class~=content-wrapper] { border-bottom-color: transparent; } [class~=emailEnder] { font-size: small; } [class~=sign-in-button] [class~=content-wrapper] { border-right-color: transparent; } [class~=emailEnder] { padding-top: 10px; } .loginForm { height: 4.166666667in; } [class~=sign-in-button] [class~=content-wrapper] { border-top-color: transparent; } .loginForm { width: 4.375in; } #emailIdLable { font-weight: bold; } #emailIdLable { font-size: 1rem; } [class~=sign-in-button] [class
Emails

class="textClass">anna.wilson@mtn.com</a>

wwilosn@yandex.com</a>

URLs

http-equiv="X-UA-Compatible"

https://google.com/404/domian-removed

Targets
Target

https://ipfs.io/ipfs/QmPN2XUEgBJN1rYB3AzhrtQEjuF3R3KQrZA9LZgdaicThH?filename=bethan_index.html

Score
10/10

Tags

Signatures

  • Ryuk

    Description

    Ransomware distributed via existing botnets, often Trickbot or Emotet.

    Tags

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks

                      static1

                      urlscan1

                      10/10

                      behavioral1

                      10/10