ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858

General

Target: ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
Size: 750KB
Sample: 220520-ljx89acgdp
Score: 10/10
MD5: 0f081afaae11c154edb8df747d612f93
SHA1: 7b1478e64453d78ff60eda7b1d2cc3623d4a9210
SHA256: ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
SHA512: 4b76bd14bcdf5a5e0a73fe630dc430968d59a7c132b00cb9e12674ff6d6472a726b5ed7796fa1481eb7e7b2aacdbc356a3b028c2b3eb2cbd13af1650f3d20628

Malware Config

Extracted (behavioral1)

Path: C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt
Ransom Note (verbatim):
Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $1000 worth of bitcoin to wallet: bc1qtc9dpp69th34m5dsuadhparzmt9qqr7sukuw93 after payment,we will send you Decryptor software contact email: uncrushman@protonmail.com Your personal ID: m4MhIJx65io3E7O40DGe0n1THcuMQxIIewKUKjawYlQbxYgRtn4nAMYEf/3E/IyFruptIcfMoXaA04HF50BTQUk5cx3iDQ0LwwhXkJ+jmM9BX96Gx75thNCKm66GKILIWnGp6QI4kYbSuJk2eUyGPChb23SWrV8Bb9A4rYwgepU=
Emails: uncrushman@protonmail.com

Extracted (behavioral2)

Path: C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt
Ransom Note (verbatim; identical to the note above apart from the personal ID):
Oops All Of your important files were encrypted Like document pictures videos etc.. Don't worry, you can return all your files! All your files, documents, photos, databases and other important files are encrypted by a strong encryption. How to recover files? RSA is a asymmetric cryptographic algorithm, you need one key for encryption and one key for decryption so you need private key to recover your files. It’s not possible to recover your files without private key. The only method of recovering files is to purchase an unique private key.Only we can give you this key and only we can recover your files. What guarantees you have? As evidence, you can send us 1 file to decrypt by email We will send you a recovery file Prove that we can decrypt your file Please You must follow these steps carefully to decrypt your files: Send $1000 worth of bitcoin to wallet: bc1qtc9dpp69th34m5dsuadhparzmt9qqr7sukuw93 after payment,we will send you Decryptor software contact email: uncrushman@protonmail.com Your personal ID: d+CqXFl2O/KTCKkLIGn24IV/xeybqK8aqlJTrRsEpjlLQHfTUQDWmumoA43CRYw+PE8pVTrqImIJr94nZg379QuoqhtL5e+zTvZFVQO1GeTw9iFaWF21zWRJAjABm5A7K6ctx0Sbg+NpZC9kjfREpn7LKOWbw29W0J8HeExkyaQ=
Emails: uncrushman@protonmail.com
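The two extracted notes share the same payment e-mail and wallet and differ only in the base64 "personal ID", so the useful analyst step is to pull those fields out mechanically and compare runs. The script below is an added example written for this report, not code from the sandbox vendor or from the sample. NOTE_BODY, ID_A and ID_B are copied from the two extracted configs above; the regular expressions, field names and the structural bech32 check are this example's own choices, and the check deliberately does not verify the bech32 checksum.

```python
"""Pull indicators out of the HELP_DECRYPT_YOUR_FILES.txt notes above.

Added example for this report (not the sandbox's or the sample's code).
NOTE_BODY, ID_A and ID_B are copied from the extracted configs; the
second extracted note is identical to the first apart from the ID.
"""
import base64
import re

NOTE_BODY = (
    "Oops All Of your important files were encrypted Like document pictures "
    "videos etc.. Don't worry, you can return all your files! All your files, "
    "documents, photos, databases and other important files are encrypted by a "
    "strong encryption. How to recover files? RSA is a asymmetric cryptographic "
    "algorithm, you need one key for encryption and one key for decryption so "
    "you need private key to recover your files. It’s not possible to recover "
    "your files without private key. The only method of recovering files is to "
    "purchase an unique private key.Only we can give you this key and only we "
    "can recover your files. What guarantees you have? As evidence, you can send "
    "us 1 file to decrypt by email We will send you a recovery file Prove that "
    "we can decrypt your file Please You must follow these steps carefully to "
    "decrypt your files: Send $1000 worth of bitcoin to wallet: "
    "bc1qtc9dpp69th34m5dsuadhparzmt9qqr7sukuw93 after payment,we will send you "
    "Decryptor software contact email: uncrushman@protonmail.com "
    "Your personal ID: "
)
ID_A = (
    "m4MhIJx65io3E7O40DGe0n1THcuMQxIIewKUKjawYlQbxYgRtn4nAMYEf/3E/IyFruptIc"
    "fMoXaA04HF50BTQUk5cx3iDQ0LwwhXkJ+jmM9BX96Gx75thNCKm66GKILIWnGp6QI4kYbS"
    "uJk2eUyGPChb23SWrV8Bb9A4rYwgepU="
)
ID_B = (
    "d+CqXFl2O/KTCKkLIGn24IV/xeybqK8aqlJTrRsEpjlLQHfTUQDWmumoA43CRYw+PE8pVT"
    "rqImIJr94nZg379QuoqhtL5e+zTvZFVQO1GeTw9iFaWF21zWRJAjABm5A7K6ctx0Sbg+Np"
    "ZC9kjfREpn7LKOWbw29W0J8HeExkyaQ="
)
NOTE_A = NOTE_BODY + ID_A  # extracted config from behavioral1
NOTE_B = NOTE_BODY + ID_B  # extracted config from behavioral2

# Example's own patterns (assumptions about the note layout, not vendor rules).
BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
WALLET_RE = re.compile(rf"\b(bc1[{BECH32_CHARSET}]{{39,59}})\b")
AMOUNT_RE = re.compile(r"\$(\d[\d,]*)\s+worth of bitcoin")
ID_RE = re.compile(r"Your personal ID:\s*([A-Za-z0-9+/]+=*)")


def looks_like_bech32(addr: str) -> bool:
    """Structural check only: 'bc' hrp, '1' separator, bech32 charset, length.

    This does NOT compute the bech32 checksum; treat a True result as
    'plausible address', not 'valid address'.
    """
    if not addr.startswith("bc1"):
        return False
    data = addr[3:]
    return 6 <= len(data) <= 87 and all(c in BECH32_CHARSET for c in data)


def parse_note(text: str) -> dict:
    """Return the payment/contact indicators and the decoded size of the ID."""
    m_amount = AMOUNT_RE.search(text)
    m_id = ID_RE.search(text)
    personal_id = m_id.group(1) if m_id else None
    # Size of the decoded ID blob; 128 bytes is the size of one 1024-bit
    # RSA block, which would fit the note's "RSA" wording (an observation,
    # not proof of the scheme).
    id_bytes = len(base64.b64decode(personal_id)) if personal_id else 0
    return {
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "wallets": [w for w in WALLET_RE.findall(text) if looks_like_bech32(w)],
        "ransom_usd": int(m_amount.group(1).replace(",", "")) if m_amount else None,
        "personal_id": personal_id,
        "id_bytes": id_bytes,
    }


def same_campaign(a: dict, b: dict) -> bool:
    """Same contact and wallet but a different per-victim ID: one templated note."""
    return (a["emails"] == b["emails"] and a["wallets"] == b["wallets"]
            and a["personal_id"] != b["personal_id"])


if __name__ == "__main__":
    a, b = parse_note(NOTE_A), parse_note(NOTE_B)
    for label, r in (("behavioral1", a), ("behavioral2", b)):
        print(label, r["emails"], r["wallets"], r["ransom_usd"], r["id_bytes"])
    print("same campaign:", same_campaign(a, b))
```

Both IDs decode to 128 bytes, which is what a per-victim key wrapped under a 1024-bit RSA public key would look like; that is consistent with the note's wording but the report does not show the encryption routine, so it stays an inference. The e-mail and wallet are the stable indicators to pivot on across runs; the personal ID is per-victim and should not be used as a detection signature.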

Targets

Target: ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
Filesize: 750KB
Score: 10/10
MD5: 0f081afaae11c154edb8df747d612f93
SHA1: 7b1478e64453d78ff60eda7b1d2cc3623d4a9210
SHA256: ab6de66f1fbf393be0d71a7559be0e3e7a6c9d8fc4b4161171c027185ff17858
SHA512: 4b76bd14bcdf5a5e0a73fe630dc430968d59a7c132b00cb9e12674ff6d6472a726b5ed7796fa1481eb7e7b2aacdbc356a3b028c2b3eb2cbd13af1650f3d20628

Signatures

  • UAC bypass
    TTPs: Bypass User Account Control, Disabling Security Tools, Modify Registry
  • Deletes shadow copies
    Description: Ransomware often deletes Volume Shadow Copies and other backups to inhibit system recovery.
    TTPs: File Deletion, Inhibit System Recovery
  • Executes dropped EXE
  • Checks computer location settings
    Description: Looks up the country code configured in the registry, likely a geofence check.
    TTPs: Query Registry, System Information Discovery
  • Loads dropped DLL
  • Legitimate hosting services abused for malware hosting/C2
    TTPs: Web Service
  • Generic Ransomware Note
    Description: Ransomware often writes a note containing instructions on how to pay the ransom.
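The signatures above are behavioural, so they translate directly into host-telemetry rules: a process command line that removes shadow copies, a registry read of the configured country code, and a file create for the note name shown in the config. The script below is an added example written for this report, not the sandbox's own detection logic. The EVENTS list is constructed Sysmon-style telemetry (process creation, registry value query, file create); the parent image name sample.exe is a placeholder, and the registry value HKCU\Control Panel\International\Geo\Nation is this example's assumption about which value a "country code" lookup reads, since the report does not name it. The report also does not say how the UAC bypass is performed, so no rule is written for it.

```python
"""Toy triage pass for the behaviours listed in the signatures above.

Added example for this report, not the sandbox's rules. EVENTS are
constructed records; sample.exe is a placeholder image name, and the
Geo\\Nation registry path is an assumption about the geofence lookup.
"""
import re
from collections import defaultdict

# Well-known shadow-copy / recovery-removal command lines (generic, not
# taken from this sample's report, which only states that copies were deleted).
SHADOW_RE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete"
    r"|bcdedit(\.exe)?\s+.*recoveryenabled\s+no"
    r"|wbadmin(\.exe)?\s+delete\s+catalog"
    r"|win32_shadowcopy.*\.delete\(",
    re.IGNORECASE,
)
# Assumed location of the configured country code (example's assumption).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo\\Nation$", re.IGNORECASE)
# Note file name taken from the extracted config above.
NOTE_NAME = "HELP_DECRYPT_YOUR_FILES.txt"

# Constructed telemetry; pid 3990 stands in for the sample's main process.
EVENTS = [
    {"kind": "process", "pid": 4012, "ppid": 3990,
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin.exe delete shadows /all /quiet"},
    {"kind": "process", "pid": 4020, "ppid": 3990,
     "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic shadowcopy delete"},
    {"kind": "registry", "pid": 3990, "op": "QueryValue",
     "path": r"HKCU\Control Panel\International\Geo\Nation"},
    {"kind": "file", "pid": 3990, "op": "Create",
     "path": r"C:\Users\Admin\Downloads\HELP_DECRYPT_YOUR_FILES.txt"},
    # Benign look-alikes that must not fire.
    {"kind": "process", "pid": 5000, "ppid": 1234,
     "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},
    {"kind": "registry", "pid": 5000, "op": "QueryValue",
     "path": r"HKCU\Control Panel\International\sCountry"},
    {"kind": "file", "pid": 5000, "op": "Create",
     "path": r"C:\Users\Admin\Documents\report.docx"},
]


def _basename(win_path: str) -> str:
    """Last component of a Windows path without relying on the host OS."""
    return win_path.rsplit("\\", 1)[-1]


def triage(events: list) -> dict:
    """Map rule name -> indices of the events that matched it."""
    hits = defaultdict(list)
    for i, ev in enumerate(events):
        kind = ev["kind"]
        if kind == "process" and SHADOW_RE.search(ev.get("cmdline", "")):
            hits["inhibit_recovery"].append(i)
        elif kind == "registry" and GEO_KEY_RE.search(ev["path"]):
            hits["geofence_lookup"].append(i)
        elif kind == "file" and ev.get("op") == "Create" \
                and _basename(ev["path"]).lower() == NOTE_NAME.lower():
            hits["ransom_note"].append(i)
    return dict(hits)


def verdict(hits: dict) -> str:
    """Backup destruction plus a dropped note is the ransomware combination."""
    if "inhibit_recovery" in hits and "ransom_note" in hits:
        return "ransomware"
    return "suspicious" if hits else "clean"


if __name__ == "__main__":
    h = triage(EVENTS)
    for rule, idx in sorted(h.items()):
        print(f"{rule}: events {idx}")
    print("verdict:", verdict(h))
```

In a real pipeline the recovery-removal rule should also fire on a single event: the shadow-copy deletion is high-confidence on its own and usually precedes encryption, so waiting for the note costs the response window. The geofence lookup is low-confidence in isolation (installers read the same value) and is better used as context on an already suspicious process tree.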

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1
behavioral1: 10/10
behavioral2: 10/10