General

Target: a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
Size: 62KB
Sample: 220607-w4sjlscddq
MD5: 131a20e9f579bc9f7dd9832b4c5f25bd
SHA1: 83979db718962e3a0b45e5f70320fe5b4f009b7c
SHA256: a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
SHA512: 92e83892f635efb13d6f268ccab884b2079451a82a1e53a8482c632e126b14d3453c5ab17463d55b4cd2341d6b44034eb523867258932a9cd47deba435494f1c
Static task: static1

Behavioral task: behavioral1
Sample: a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154.exe
Resource: win10v2004-20220414-en
Malware Config (Extracted)

Path: C:\Users\Admin\Desktop\HELP_ME_RECOVER_MY_FILES.txt
Family: hakbit
Ransom Note: Atention! all your important files were encrypted! to get your files back send 1 Bitcoins and contact us with proof of payment and your Unique Identifier Key. We will send you a decryption tool with your personal decryption password. Where can you buy Bitcoins: https://www.coinbase.com https://localbitcoins.com Contact: torsec1@secmail.pro agarrard@protonmail.com Bitcoin wallet to make the transfer to is: 1F9i1vpfGfKXaUqhhgTmxe9Y2aS8stSGvR1F9i1vpfGfKXaUqhhgTmxe9Y2aS8stSGvR Unique Identifier Key (must be sent to us together with proof of payment): ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ JF2ae85uI+qcJGrh/PT5oWG8IAmo/+JAXYzpaqtvTaj2JEnTJ9yBQOSV6ApaKD/C9UlRWF7uGWeOUzyX5NYqdSLJr2ZKVlRBxZzRSIs1j7wqvHbVB6deFJspSspk6p6KjPkg5TOK9LofUgvPwPk6/PAF5Xvk8OtX1qbeopJLzoJ1v0OViMvPOS9V/TV6tshC1XNIwTYKCo6MmK8j+Gg+5mC4tkrOMXiCr1WT7WXKCzf4Lmi5mA2Tzgp0EpXG1tkFRn0S2Cgs3QBPQ5VlG1jZTccorKLk1xEB1ZjZ9/9jp3xBi4bEtbn3TJj5Ryscc4gPf039Oiuyxlph/LBDw1rmGA== ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Emails: torsec1@secmail.pro agarrard@protonmail.com
Targets

Target: a8117abc27d70f18eaec3b6569e105edb2604c81b6e33dc81719e3e6247f5154
Size: 62KB
Score: 10/10

Signatures:
- Modifies extensions of user files: Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Enumerates connected drives: Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
MITRE ATT&CK Matrix (tactic columns, no techniques listed): Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation