8c35e6697d8de2ea395b560b1d1847488277cf05648a7d1a2b0920fafc6ec52d

General

Target

7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.zip
Size

264KB
Sample

220521-j2zhxsecdp
MD5

990bb7802f8dbe4e306d9dbfe7df4cf7
SHA1

169c77cd7c7b1f9ec1f7877e41e70841dd00895b
SHA256

8c35e6697d8de2ea395b560b1d1847488277cf05648a7d1a2b0920fafc6ec52d
SHA512

9b2fa7e288e15de50b922d3f55f9fc3069953b72b9a670ccc7995836dabbe4d19e9af8f7d269de604f8fdba8668810824cc5fa9e2ed2b7f8045766d40b305043

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

- Target
  
  7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe
- Size
  
  543KB
- MD5
  
  998022b70d83c6de68e5bdf94e0f8d71
- SHA1
  
  b87a947f3e85701fcdadd733e9b055a65a3b1308
- SHA256
  
  7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a
- SHA512
  
  2744b77f951bd2bb34b094dd3b54fcf8f7dca76e03c745809edc045749c814c7d88c9ddd69ad684a1c156716afae76b5ebec3f932d0f2a72b242878134f65647
Score

10^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2