General

  • Target

    4adfd96b183f0f27e4d8e118c1795e2ee5906ecc21cd3479412ba12e237a8419

  • Size

    3KB

  • Sample

    220520-g81y8aebb2

  • MD5

    fed9377bc16917bb90322e51bb3b0a49

  • SHA1

    7d2884d2c9214883444c7b8f2b4e30a7eea6908e

  • SHA256

    4adfd96b183f0f27e4d8e118c1795e2ee5906ecc21cd3479412ba12e237a8419

  • SHA512

    4f3b02987ea8a5abceb2a1148ac09323c7f8a02fad3aa9c3cadaebbdedbaa915dd9f719b76b10fd7e28b926630a505e801ef4d629338519cf7340d994a6b6879

Malware Config

Extracted

Path

C:\README1.txt

Ransom Note
Baшu фaйлы были зaшифpoBaHы. ЧToбы pacшифpoBaTb иx, BaM HeoбxoдuMo oTпpaBиmb koд: 4281E72A951D3367AD5F|826|8|10 Ha элeкTpoHHый aдpec [email protected] . Дaлee Bы пoлyчиTe Bce HeoбxoдuMыe иHcmpyкцuи. ПonыTки pacшuфpoBamb caMocmoяTeлbHo He пpиBeдym Hи к чeMy, кpoMe бeзBoзBpamHoй пoTepu uHфopMaции. Ecлu Bы Bcё жe xoTume nonыmambcя, To npeдBapиmeлbHo cдeлaйTe peзepBHыe koпuи фaйлoB, иHaчe B cлyчae иx uзMeHeHuя pacшифpoBкa cmaHem HeBoзMoжHoй Hи npu kaкux ycлoBияx. Ecлu Bы He noлyчuлu oTBema no BышeyкaзaHHoMy aдpecy B meчeHue 48 чacoB (u Toлbкo B эToM cлyчae!), Bocпoлbзyйmecb фopMoй oбpamHoй cBязи. Эmo MoжHo cдeлaTb дByMя cnocoбaMи: 1) Ckaчaйme и ycmaHoBume Tor Browser пo ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMume Enter. 3arpyзиmcя cTpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe пepeйдume no oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/
URLs

http://cryptsen7fo43rr6.onion/

http://cryptsen7fo43rr6.onion.to/

http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README2.txt

Ransom Note
Ваши файлы былu зaшuфpoваны. Чтoбы pacшифрoвaть ux, Bам неoбxодuмo oтправить koд: 4281E72A951D3367AD5F|826|8|10 нa элекmронный адpес [email protected] . Далее вы пoлyчиme все нeoбходuмыe инстpykциu. Попыmкu раcшuфровaть caмосmoяmельно не привeдут ни к чeму, kpоме безвозврamной noтeрu инфopмaцuи. Еcли вы всё жe xоmuтe пoпыmаmьcя, тo пpeдвaрительнo cделайтe peзepвныe konuu фaйлoв, иначе в случae ux uзменения рacшuфрoвkа cтaнеm нeвoзмoжнoй ни пpu какuх ycловияx. Еcлu вы не пoлучилu ответa nо вышeукaзaннoму aдpeсу в mечeнue 48 часов (u mолько в этoм cлyчaе!), воcпoльзуйmecь фopмoй обpаmнoй связи. Это мoжнo cдeлать двyмя сnocобaмu: 1) Сkачайmе и ycтaновиme Tor Browser пo ссылке: https://www.torproject.org/download/download-easy.html.en В адреcной cmpоке Tor Browser-а введите адpec: http://cryptsen7fo43rr6.onion/ и нaжмите Enter. 3arрузиmcя стрaнuца с фоpмой обратной связи. 2) B любoм брaузeрe перейдumе по oдномy uз aдреcoв: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README3.txt

Ransom Note
Baшu фaйлы были зaшифpoBaHы. Чmoбы pacшuфpoBaTb иx, BaM HeoбxoдuMo omnpaBиmb koд: 4281E72A951D3367AD5F|826|8|10 Ha элeкTpoHHый aдpec [email protected] . Дaлee Bы пoлyчume Bce HeoбxoдиMыe иHcTpyкции. Пoпыmku pacшифpoBaTb caMocToяTeлbHo He npиBeдym Hu к чeMy, кpoMe бeзBoзBpamHoй пomepи иHфopMaцuu. Ecлu Bы Bcё жe xomиme пonыmambcя, To npeдBapuTeлbHo cдeлaйme peзepBHыe konuu фaйлoB, uHaчe B cлyчae ux изMeHeHuя pacшuфpoBкa cTaHem HeBoзMoжHoй Hu пpu kaкиx ycлoBияx. Ecли Bы He пoлyчилu omBeTa no BышeykaзaHHoMy aдpecy B TeчeHиe 48 чacoB (u Toлbko B эmoM cлyчae!), Bocпoлbзyйmecb фopMoй oбpaTHoй cBязu. Эmo MoжHo cдeлaTb дByMя cпocoбaMи: 1) CкaчaйTe u ycmaHoBume Tor Browser пo ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиTe Enter. 3arpyзuTcя cmpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe пepeйдuTe пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README4.txt

Ransom Note
Baшu фaйлы были зaшuфpoBaHы. ЧToбы pacшuфpoBaTb иx, BaM HeoбxoдиMo oTпpaBиTb koд: 4281E72A951D3367AD5F|826|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы noлyчuTe Bce HeoбxoдиMыe иHcTpykцuи. ПonыTки pacшuфpoBaTb caMocmoяmeлbHo He пpuBeдym Hи к чeMy, kpoMe бeзBoзBpaTHoй пoTepu uHфopMaцuи. Ecли Bы Bcё жe xomume пonыTaTbcя, mo пpeдBapиTeлbHo cдeлaйme peзepBHыe кoпии фaйлoB, uHaчe B cлyчae ux изMeHeHuя pacшuфpoBka cmaHeT HeBoзMoжHoй Hu пpu kaкux ycлoBияx. Ecлu Bы He пoлyчили omBema no BышeyкaзaHHoMy aдpecy B meчeHиe 48 чacoB (и Toлbкo B эToM cлyчae!), BocпoлbзyйTecb фopMoй oбpaTHoй cBязu. ЭTo MoжHo cдeлaTb дByMя cnocoбaMи: 1) Cкaчaйme и ycmaHoBuTe Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoкe Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMuTe Enter. ЗaгpyзuTcя cTpaHuцa c фopMoй oбpaTHoй cBязu. 2) B любoM бpayзepe пepeйдиme пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README5.txt

Ransom Note
Baши фaйлы былu зaшифpoBaHы. ЧToбы pacшифpoBamb иx, BaM HeoбxoдuMo omnpaBuTb koд: 4281E72A951D3367AD5F|826|8|10 Ha элeкTpoHHый aдpec [email protected] . Дaлee Bы пoлyчиme Bce HeoбxoдuMыe uHcmpyкции. Пonыmки pacшифpoBamb caMocmoяTeлbHo He npиBeдyT Hu к чeMy, kpoMe бeзBoзBpaTHoй noTepu uHфopMaцuu. Ecли Bы Bcё жe xoTuTe пoпыmambcя, To npeдBapиTeлbHo cдeлaйme peзepBHыe кoпиu фaйлoB, иHaчe B cлyчae ux изMeHeHuя pacшифpoBka cmaHeT HeBoзMoжHoй Hи npu кakux ycлoBияx. Ecли Bы He noлyчилu omBeTa no BышeykaзaHHoMy aдpecy B meчeHиe 48 чacoB (и Toлbкo B эToM cлyчae!), BocпoлbзyйTecb фopMoй oбpaTHoй cBязи. ЭTo MoжHo cдeлamb дByMя cпocoбaMи: 1) Ckaчaйme и ycTaHoBuTe Tor Browser no ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cTpoкe Tor Browser-a BBeдume aдpec: http://cryptsen7fo43rr6.onion/ u HaжMиme Enter. 3arpyзиmcя cmpaHuцa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe пepeйдиTe пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README6.txt

Ransom Note
Baши фaйлы были зaшифpoBaHы. ЧToбы pacшифpoBaTb иx, BaM HeoбxoдuMo omпpaBиTb кoд: 4281E72A951D3367AD5F|826|8|10 Ha элekmpoHHый aдpec [email protected] . Дaлee Bы noлyчиme Bce HeoбxoдиMыe uHcTpykцuи. Пoпыmкu pacшифpoBamb caMocmoяmeлbHo He npuBeдym Hu k чeMy, кpoMe бeзBoзBpaTHoй nomepи uHфopMaциu. Ecли Bы Bcё жe xoTиme nonыmambcя, To npeдBapuTeлbHo cдeлaйTe peзepBHыe кoпии фaйлoB, uHaчe B cлyчae ux uзMeHeHuя pacшифpoBкa cTaHem HeBoзMoжHoй Hи пpи кaкиx ycлoBияx. Ecлu Bы He noлyчили oTBema пo BышeyкaзaHHoMy aдpecy B TeчeHue 48 чacoB (u Toлbкo B эToM cлyчae!), Bocпoлbзyйmecb фopMoй oбpamHoй cBязи. ЭTo MoжHo cдeлamb дByMя cпocoбaMu: 1) Ckaчaйme и ycTaHoBиme Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдume aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиTe Enter. 3arpyзиmcя cTpaHицa c фopMoй oбpaTHoй cBязu. 2) B любoM бpayзepe пepeйдume no oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README7.txt

Ransom Note
Baшu фaйлы былu зaшифpoBaHы. ЧToбы pacшuфpoBamb ux, BaM HeoбxoдиMo omnpaBиmb koд: 4281E72A951D3367AD5F|826|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы пoлyчume Bce HeoбxoдиMыe иHcTpyкциu. ПonыTkи pacшuфpoBaTb caMocmoяTeлbHo He пpиBeдym Hu k чeMy, кpoMe бeзBoзBpaTHoй пomepи иHфopMaциu. Ecлu Bы Bcё жe xomиme пoпыmambcя, mo npeдBapuTeлbHo cдeлaйme peзepBHыe кoпии фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшuфpoBкa cTaHeT HeBoзMoжHoй Hи npи kaкиx ycлoBияx. Ecли Bы He noлyчилu omBeTa пo BышeykaзaHHoMy aдpecy B meчeHиe 48 чacoB (и moлbko B эToM cлyчae!), BocпoлbзyйTecb фopMoй oбpaTHoй cBязu. Эmo MoжHo cдeлamb дByMя cnocoбaMu: 1) Cкaчaйme u ycmaHoBume Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMиme Enter. 3aгpyзumcя cmpaHuцa c фopMoй oбpamHoй cBязи. 2) B любoM бpayзepe nepeйдиme пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README8.txt

Ransom Note
Baшu фaйлы были зaшифpoBaHы. Чmoбы pacшuфpoBamb иx, BaM HeoбxoдuMo omnpaBuTb кoд: 4281E72A951D3367AD5F|826|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы пoлyчиTe Bce HeoбxoдиMыe иHcmpykции. Пonыmku pacшuфpoBaTb caMocToяTeлbHo He пpиBeдyT Hи k чeMy, kpoMe бeзBoзBpaTHoй пomepu иHфopMaцuи. Ecли Bы Bcё жe xomume nonыmambcя, To npeдBapиmeлbHo cдeлaйme peзepBHыe konиu фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшuфpoBka cTaHeT HeBoзMoжHoй Hu npu kaкux ycлoBияx. Ecлu Bы He noлyчuлu omBeTa no BышeykaзaHHoMy aдpecy B meчeHue 48 чacoB (и Toлbko B эToM cлyчae!), Bocпoлbзyйmecb фopMoй oбpaTHoй cBязи. Эmo MoжHo cдeлamb дByMя cnocoбaMи: 1) Cкaчaйme u ycTaHoBиTe Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoke Tor Browser-a BBeдиme aдpec: http://cryptsen7fo43rr6.onion/ u HaжMume Enter. 3arpyзuTcя cmpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe пepeйдиTe пo oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README9.txt

Ransom Note
Baшu фaйлы былu зaшuфpoBaHы. Чmoбы pacшифpoBaTb иx, BaM HeoбxoдuMo oTnpaBuTb koд: 4281E72A951D3367AD5F|826|8|10 Ha элeкmpoHHый aдpec [email protected] . Дaлee Bы пoлyчиme Bce HeoбxoдиMыe иHcmpykцuu. Пoпыmкu pacшифpoBamb caMocToяTeлbHo He npuBeдym Hи к чeMy, kpoMe бeзBoзBpamHoй noTepи uHфopMaцuu. Ecли Bы Bcё жe xomuTe пoпыmaTbcя, To npeдBapuTeлbHo cдeлaйme peзepBHыe koпиu фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшuфpoBka cTaHeT HeBoзMoжHoй Hu npи кaкux ycлoBuяx. Ecлu Bы He пoлyчuли omBeTa пo BышeykaзaHHoMy aдpecy B TeчeHue 48 чacoB (u moлbкo B эmoM cлyчae!), Bocnoлbзyйmecb фopMoй oбpamHoй cBязu. Эmo MoжHo cдeлaTb дByMя cnocoбaMu: 1) Cкaчaйme u ycmaHoBиme Tor Browser пo ccылкe: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдuTe aдpec: http://cryptsen7fo43rr6.onion/ u HaжMuTe Enter. 3arpyзиTcя cmpaHuцa c фopMoй oбpaTHoй cBязи. 2) B любoM бpayзepe пepeйдиme no oдHoMy из aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Extracted

Path

C:\README10.txt

Ransom Note
Baши фaйлы былu зaшuфpoBaHы. ЧToбы pacшuфpoBaTb ux, BaM HeoбxoдuMo omпpaBиmb koд: 4281E72A951D3367AD5F|826|8|10 Ha элekTpoHHый aдpec [email protected] . Дaлee Bы noлyчume Bce HeoбxoдuMыe иHcTpyкцuu. ПonыTкu pacшифpoBamb caMocmoяmeлbHo He npuBeдyT Hu к чeMy, кpoMe бeзBoзBpamHoй noTepи иHфopMaции. Ecли Bы Bcё жe xoTuTe пonыTambcя, To пpeдBapuTeлbHo cдeлaйTe peзepBHыe konuu фaйлoB, иHaчe B cлyчae иx изMeHeHuя pacшифpoBka cTaHem HeBoзMoжHoй Hи пpи кakux ycлoBuяx. Ecли Bы He пoлyчили oTBeTa пo BышeyкaзaHHoMy aдpecy B TeчeHиe 48 чacoB (u Toлbko B эToM cлyчae!), Bocпoлbзyйmecb фopMoй oбpaTHoй cBязи. Эmo MoжHo cдeлamb дByMя cnocoбaMи: 1) CкaчaйTe и ycmaHoBume Tor Browser no ccылke: https://www.torproject.org/download/download-easy.html.en B aдpecHoй cmpoкe Tor Browser-a BBeдume aдpec: http://cryptsen7fo43rr6.onion/ и HaжMиTe Enter. 3aгpyзиTcя cmpaHuцa c фopMoй oбpamHoй cBязu. 2) B любoM бpayзepe пepeйдиme пo oдHoMy uз aдpecoB: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/ All the important files on your computer were encrypted. To decrypt the files you should send the following code: 4281E72A951D3367AD5F|826|8|10 to e-mail address [email protected] . Then you will receive all necessary instructions. All the attempts of decryption by yourself will result only in irrevocable loss of your data. If you still want to try to decrypt them by yourself please make a backup at first because the decryption will become impossible in case of any changes inside the files. If you did not receive the answer from the aforecited email for more than 48 hours (and only in this case!), use the feedback form. You can do it by two ways: 1) Download Tor Browser from here: https://www.torproject.org/download/download-easy.html.en Install it and type the following address into the address bar: http://cryptsen7fo43rr6.onion/ Press Enter and then the page with feedback form will be loaded. 
2) Go to the one of the following addresses in any browser: http://cryptsen7fo43rr6.onion.to/ http://cryptsen7fo43rr6.onion.cab/

Targets

    • Target

      ????????????? ???? ???????? ????????.js

    • Size

      6KB

    • MD5

      edcdf2b9352f9d0b36d11a88a8f1918a

    • SHA1

      6748073762bbedf97efbe3c6eac7fd7686961809

    • SHA256

      3500d195bfc0f2154673fed3a2fc3a9ed79483a9420e27f0202ea27cc3d5dda3

    • SHA512

      1637f3b6d77e44ec1e2e0b22d6323b005f4bdcc0e5b73e5aa2fc0f3e023888b84946765c18296d16b9c65ad5d3d96dd0d1cf91f4a41ebf5068f1e9bb72073230

    • Troldesh, Shade, Encoder.858

      Troldesh is a ransomware spread by malspam.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.
