ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
General
Target
Size
Sample
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
750KB
220520-ljx89acgdp
Score
10 /10
MD5
SHA1
SHA256
SHA512
0f081afaae11c154edb8df747d612f93
7b1478e64453d78ff60eda7b1d2cc3623d4a9210
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
4b76bd14bcdf5a5e0a73fe630dc430968d59a7c132b00cb9e12674ff6d6472a726b5ed7796fa1481eb7e7b2aacdbc356a3b028c2b3eb2cbd13af1650f3d20628
Malware Config
Extracted
| Path | C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt |
| Ransom Note |
Oops All Of your important files were encrypted Like document pictures videos etc..
Don't worry, you can return all your files!
All your files, documents, photos, databases and other important files are encrypted by a strong encryption.
How to recover files?
RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key.
The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files.
What guarantees you have?
As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file
Please You must follow these steps carefully to decrypt your files:
Send $1000 worth of bitcoin to wallet: bc1qtc9dpp69th34m5dsuadhparzmt9qqr7sukuw93
after payment,we will send you Decryptor software
contact email: uncrushman@protonmail.com
Your personal ID: m4MhIJx65io3E7O40DGe0n1THcuMQxIIewKUKjawYlQbxYgRtn4nAMYEf/3E/IyFruptIcfMoXaA04HF50BTQUk5cx3iDQ0LwwhXkJ+jmM9BX96Gx75thNCKm66GKILIWnGp6QI4kYbSuJk2eUyGPChb23SWrV8Bb9A4rYwgepU=
|
| Emails |
uncrushman@protonmail.com |
Extracted
| Path | C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt |
| Ransom Note |
Oops All Of your important files were encrypted Like document pictures videos etc..
Don't worry, you can return all your files!
All your files, documents, photos, databases and other important files are encrypted by a strong encryption.
How to recover files?
RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key.
The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files.
What guarantees you have?
As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file
Please You must follow these steps carefully to decrypt your files:
Send $1000 worth of bitcoin to wallet: bc1qtc9dpp69th34m5dsuadhparzmt9qqr7sukuw93
after payment,we will send you Decryptor software
contact email: uncrushman@protonmail.com
Your personal ID: d+CqXFl2O/KTCKkLIGn24IV/xeybqK8aqlJTrRsEpjlLQHfTUQDWmumoA43CRYw+PE8pVTrqImIJr94nZg379QuoqhtL5e+zTvZFVQO1GeTw9iFaWF21zWRJAjABm5A7K6ctx0Sbg+NpZC9kjfREpn7LKOWbw29W0J8HeExkyaQ=
|
| Emails |
uncrushman@protonmail.com |
Targets
Target
MD5
Filesize
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
0f081afaae11c154edb8df747d612f93
750KB
Score
10/10
SHA1
SHA256
SHA512
7b1478e64453d78ff60eda7b1d2cc3623d4a9210
ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
4b76bd14bcdf5a5e0a73fe630dc430968d59a7c132b00cb9e12674ff6d6472a726b5ed7796fa1481eb7e7b2aacdbc356a3b028c2b3eb2cbd13af1650f3d20628
Tags
Signatures
-
UAC bypass
-
Deletes shadow copies
Description
Ransomware often targets backup files to inhibit system recovery.
Tags
TTPs
-
Executes dropped EXE
-
Checks computer location settings
Description
Looks up country code configured in the registry, likely geofence.
TTPs
-
Loads dropped DLL
-
Legitimate hosting services abused for malware hosting/C2
TTPs
-
Generic Ransomware Note
Description
Ransomware often writes a note containing information on how to pay the ransom.
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks