817f8a462a1df530c1b9491135c3257bb95bb28c4923918368220100ac0034af

General

Target

ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.zip
Size

264KB
Sample

220521-jw6eaaecbj
MD5

a742bb651e4ed4a80b5ad06fe67273fa
SHA1

28030c2851f7ec09d2852c0cd716922690b26470
SHA256

817f8a462a1df530c1b9491135c3257bb95bb28c4923918368220100ac0034af
SHA512

1148a07c653ec726d20efe66580b121893225c4e75d12f7f0eacc0264d18078908690e929ea21908b303292e0f6c8e5c9ca84876e01a93708e43bb25f0a65034

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\readme.txt

Ransom Note

Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom You can contact us and decrypt one file for free on this TOR site (you should download and install TOR browser first https://torproject.org) https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/ Your company id for log in: ba7a7058-3531-4b67-bae6-d602e9110361

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion:80/

Targets

- Target
  
  ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e.exe
- Size
  
  543KB
- MD5
  
  53fdeb923b1890d29b8f29da77995938
- SHA1
  
  a996ccd0d58125bf299e89f4c03ff37afdab33fc
- SHA256
  
  ae7c868713e1d02b4db60128c651eb1e3f6a33c02544cc4cb57c3aa6c6581b6e
- SHA512
  
  7c78e880f3d2dfc163625ff3d0b4676aa6a083dbbeac270520679f6b21d1c449c5af720ca7b9a68b5b3309e2de8d586cfed5d9b3a78d006e6d981a1aaf88c535
Score

10^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2