General

  • Target

    7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.zip

  • Size

    264KB

  • Sample

    220521-j2zhxsecdp

  • MD5

    990bb7802f8dbe4e306d9dbfe7df4cf7

  • SHA1

    169c77cd7c7b1f9ec1f7877e41e70841dd00895b

  • SHA256

    8c35e6697d8de2ea395b560b1d1847488277cf05648a7d1a2b0920fafc6ec52d

  • SHA512

    9b2fa7e288e15de50b922d3f55f9fc3069953b72b9a670ccc7995836dabbe4d19e9af8f7d269de604f8fdba8668810824cc5fa9e2ed2b7f8045766d40b305043

Score
10/10

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note

  Your data are stolen and encrypted
  The data will be published on TOR website if you do not pay the ransom
  You can contact us and decrypt one file for free on this TOR site
  (you should download and install TOR browser first https://torproject.org)
  https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
  Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/
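As an added example (not part of the sandbox report, and not the sample's or the vendor's code), the following Python pulls the actionable indicators out of the extracted note: the Tor negotiation portal, the per-victim "company id", and the wording that marks the double-extortion model (data stolen, leak threatened). The note text is the one reproduced above, joined into one string; the regular expressions, the result field names and the defanging convention (hxxp, [.]) are this example's own choices, not anything the report defines.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed input: the ransom note text as reproduced in the report above,
# joined into a single string the way the config extractor presents it.
SAMPLE_NOTE = (
    "Your data are stolen and encrypted The data will be published on TOR website "
    "if you do not pay the ransom You can contact us and decrypt one file for free "
    "on this TOR site (you should download and install TOR browser first "
    "https://torproject.org) "
    "https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ "
    "Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361"
)

# Any http(s) URL; stop at whitespace or a closing parenthesis so the
# "(... https://torproject.org)" aside does not swallow the bracket.
URL_RE = re.compile(r"https?://[^\s)]+", re.I)
# Tor hidden-service hostnames: 16 base32 chars (v2) or 56 (v3), then ".onion".
ONION_HOST_RE = re.compile(r"^(?:[a-z2-7]{56}|[a-z2-7]{16})\.onion$", re.I)
# The victim identifier in this note is a UUID (assumption: same shape in other notes).
UUID_RE = re.compile(
    r"\b[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\b", re.I)
# Wording that signals data theft plus a leak threat (double extortion).
EXFIL_RE = re.compile(r"\b(?:stolen|exfiltrat\w*|leak\w*|publish\w*)\b", re.I)


def extract_iocs(note: str) -> dict:
    """Pull portal URLs, victim ids and extortion-model indicators out of a ransom note."""
    onion_urls, clearnet_urls = [], []
    for url in URL_RE.findall(note):
        host = urlsplit(url).hostname or ""
        (onion_urls if ONION_HOST_RE.match(host) else clearnet_urls).append(url)
    return {
        "onion_urls": onion_urls,
        "clearnet_urls": clearnet_urls,
        "victim_ids": UUID_RE.findall(note),
        "double_extortion": bool(EXFIL_RE.search(note)),
    }


def defang(url: str) -> str:
    """Make a URL safe to paste into tickets and chat: hxxp scheme, [.] in the host."""
    s = urlsplit(url)
    return urlunsplit((s.scheme.replace("http", "hxxp"),
                       s.netloc.replace(".", "[.]"),
                       s.path, s.query, s.fragment))


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_NOTE)
    for url in result["onion_urls"]:
        print("onion portal :", defang(url))
    for url in result["clearnet_urls"]:
        print("clearnet ref :", defang(url))
    print("victim ids   :", result["victim_ids"])
    print("double extortion wording:", result["double_extortion"])
```

The clearnet hit is only the Tor Project download link and is not an attacker indicator; keeping it separate from the onion list avoids blocking a benign domain by mistake. The company id is worth recording as a per-victim value rather than a family indicator, since it is what the operator uses to tie a negotiation session to this infection.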

Targets

    • Target

      7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe

    • Size

      543KB

    • MD5

      998022b70d83c6de68e5bdf94e0f8d71

    • SHA1

      b87a947f3e85701fcdadd733e9b055a65a3b1308

    • SHA256

      7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a

    • SHA512

      2744b77f951bd2bb34b094dd3b54fcf8f7dca76e03c745809edc045749c814c7d88c9ddd69ad684a1c156716afae76b5ebec3f932d0f2a72b242878134f65647

    Score
    10/10

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery; on Windows this usually means deleting Volume Shadow Copies so that previous versions of the encrypted files cannot be restored.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Sets desktop wallpaper using registry

      Ransomware commonly replaces the desktop wallpaper with its ransom message by writing the Wallpaper value under HKCU\Control Panel\Desktop.
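As an added example that is not part of the report, the following Python turns two of the behaviours above (shadow copy deletion, wallpaper set through the registry) into detection logic and runs it over constructed Sysmon-style events: process creation (event ID 1) and registry value set (event ID 13). It goes a little beyond this sample by also matching the other command lines commonly used for the same end (wmic, wbadmin, bcdedit, WMI Win32_ShadowCopy). The sample file name is taken from the report; its path, the SID, the user name, the command lines and the allowlist of processes permitted to write the wallpaper value are assumptions for this example.

```python
import re
from typing import Iterable, Optional

# Command lines commonly used to destroy or disable recovery data (ATT&CK T1490).
SHADOW_COPY_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bresize\s+shadowstorage\b", re.I)),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(?:\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("wbadmin delete backups",
     re.compile(r"\bwbadmin(?:\.exe)?\b.*\bdelete\s+(?:catalog|systemstatebackup)\b", re.I)),
    ("bcdedit disable recovery",
     re.compile(r"\bbcdedit(?:\.exe)?\b.*\b(?:recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("WMI Win32_ShadowCopy delete",
     re.compile(r"\bwin32_shadowcopy\b.*\bdelete\b", re.I)),
]

# Registry value that holds the desktop wallpaper (ATT&CK T1491 Defacement).
WALLPAPER_VALUE_RE = re.compile(r"\\control panel\\desktop\\wallpaper(?:style)?$", re.I)
# Assumption for this example: processes that legitimately write that value.
WALLPAPER_WRITERS = {"explorer.exe", "systemsettings.exe"}


def image_name(path: str) -> str:
    """Basename of a Windows image path, lower-cased for comparison."""
    return path.rsplit("\\", 1)[-1].lower()


def evaluate(event: dict) -> Optional[dict]:
    """Return a finding for one Sysmon-style event, or None if it is not suspicious."""
    if event.get("EventID") == 1:  # process creation
        cmd = event.get("CommandLine", "")
        for name, pattern in SHADOW_COPY_RULES:
            if pattern.search(cmd):
                return {"technique": "T1490", "rule": name,
                        "image": event.get("Image", ""),
                        "parent": event.get("ParentImage", ""), "evidence": cmd}
    elif event.get("EventID") == 13:  # registry value set
        target = event.get("TargetObject", "")
        if WALLPAPER_VALUE_RE.search(target) and \
                image_name(event.get("Image", "")) not in WALLPAPER_WRITERS:
            return {"technique": "T1491", "rule": "wallpaper set by non-shell process",
                    "image": event.get("Image", ""), "parent": "",
                    "evidence": f"{target} = {event.get('Details', '')}"}
    return None


def scan(events: Iterable[dict]) -> list:
    """Run every event through evaluate() and keep the findings, in event order."""
    return [f for f in map(evaluate, events) if f]


def summarize(findings: Iterable[dict]) -> dict:
    """Count findings per ATT&CK id, the way the matrix in the report does."""
    counts: dict = {}
    for f in findings:
        counts[f["technique"]] = counts.get(f["technique"], 0) + 1
    return counts


# Constructed events. The sample file name comes from the report; the path, SID and
# user name are invented for the example.
SAMPLE = (r"C:\Users\victim\AppData\Local\Temp"
          r"\7883f01096db9bcf090c2317749b6873036c27ba92451b212b8645770e1f0b8a.exe")
WALLPAPER_KEY = (r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"
                 r"\Control Panel\Desktop\Wallpaper")
EVENTS = [
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe", "ParentImage": SAMPLE,
     "CommandLine": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"EventID": 1, "Image": r"C:\Windows\System32\wbem\WMIC.exe", "ParentImage": SAMPLE,
     "CommandLine": "wmic shadowcopy delete /nointeractive"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe", "ParentImage": SAMPLE,
     "CommandLine": "bcdedit /set {default} recoveryenabled No"},
    {"EventID": 1, "Image": r"C:\Windows\System32\vssadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": "vssadmin list shadows"},            # benign: enumeration only
    {"EventID": 13, "Image": SAMPLE, "TargetObject": WALLPAPER_KEY,
     "Details": r"C:\Users\victim\AppData\Local\Temp\wall.bmp"},
    {"EventID": 13, "Image": r"C:\Windows\explorer.exe", "TargetObject": WALLPAPER_KEY,
     "Details": r"C:\Users\victim\Pictures\beach.jpg"},   # benign: user picked a picture
]

if __name__ == "__main__":
    findings = scan(EVENTS)
    for f in findings:
        print(f["technique"], f["rule"], "|", f["evidence"])
    print(summarize(findings))
```

The parent image is carried in each finding on purpose: a vssadmin or bcdedit child of an executable in a user-writable temp directory is the strongest single signal here, and it is what lets a responder tell this apart from an administrator or backup agent issuing the same command. Replace EVENTS with parsed Sysmon or EDR records to use the rules on real telemetry.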

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic            Technique                  Signatures  ID
  Defense Evasion   File Deletion              2           T1107
  Defense Evasion   Modify Registry            1           T1112
  Impact            Inhibit System Recovery    2           T1490
  Impact            Defacement                 1           T1491

  Note: the identifiers follow ATT&CK v6. File Deletion (T1107) was deprecated in ATT&CK v7 and is now the sub-technique T1070.004 (Indicator Removal on Host: File Deletion); map accordingly when importing these tags into a current ATT&CK workflow.
