7163e267d5132a1df96df8ef045b10809c07048aded2ce87d2de1600cbd44b28

General

Target

cce5a753888cb5b044c767fe8e95e410ebdf1e1c79cabc95db1c9e1a8e81c5e7.bin.sample.gz
Size

46KB
Sample

220621-v9sk5abbh7
MD5

d1a748838c86ec5be5f985ebc207cafb
SHA1

55dde4037959265d4b1c1e52528e7abc13833194
SHA256

7163e267d5132a1df96df8ef045b10809c07048aded2ce87d2de1600cbd44b28
SHA512

ecf7b94f50685dab7be7a1fea16514431bfd933029fb86f16b83260a7908206f9711a03999843a3f77114cb0e139e51693ed45aa2b6a1b04bbe448857351aa94

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RECOVERY.txt

Ransom Note

All your important files are encrypted! Any attempts to recover your files using third-party software will have fatal consequences, the files will be changed forever, without the possibility of recovery. There is only one way to get your files back: install the tor browser (https://www.torproject.org/download ) Important: Create a new email in the service http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create for contact! write to me at [email protected] Send me your ID by email Key Identifier: PWT7ZX85LDPO0fjsZh2tTV0jF5gmmCBD5RkKG59MkM99OxuUkuD4IgL/Tluu2PPjE7qikYcrxE1jHNhLeCVMfXq0R1esUAoxSaE9vwDiWyYQtbFkdIz4LAUKSIYQxqyvpmjRgyLnJ7gbYrrBna+eHckLw8UhE0gJP58hE6/UdwfFmsPtOr0CNrVpzgIMmZGHssXdUPJF2MbC+5RpxyjYUHOdpwh8ejh6dJoI6zfP4iXudMWxzfBcgg4TRLgGA5BDK8RZtOjsQWcRRLtk0DemhXzS/bIMYQMrkiL4vo18wAXyIYhz7++Y5aRLDqIarNc5RMwG8MoMAFGcBUQEw+uyFXwp0p2Gp2XMLGaa8vYGE6T9kjZRBmfIF9vMceEURqmZOe6s07ygA+BwWp/NWFkii6FgArocce0qk6VfCKgR5QZb/5r07ka2u2wp4ZdmJO9zsWjTS7Lq8kA5Mt0ijM7F9/MbqyhKaj+ZxOsVo6uqNPkqHCY3+ZmLXS9msUhFdTCe2vmD/ZQ3n7WAyr2WP3t4oLRVE4mJTvHIik8N2baRSOFGGlfvwgEWSwqHFRy/Jc5c0LlAa+zdpHBYvpEDF0wahXY60/h1oKmMlb2chRUqlhZ9/Y3TCrzTlEm2IaRf2157TFzfv4PqZ/SEKt7+CasINfNWmKcEOrVXe2JDAp1ou/E=

Emails

[email protected]

URLs

http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RECOVERY.txt

Ransom Note

All your important files are encrypted! Any attempts to recover your files using third-party software will have fatal consequences, the files will be changed forever, without the possibility of recovery. There is only one way to get your files back: install the tor browser (https://www.torproject.org/download ) Important: Create a new email in the service http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create for contact! write to me at [email protected] Send me your ID by email Key Identifier: SMODk6hMz5lk5zn8XQHTiQpkmWuc84m7seTi63tYw9WhR9jrjTN5ynODxNmzD+uMyxgFYLxyn9OWtkId5ypPEEeDlGNsy1NgTqxeng0ryTX60kH2EjSWUTLRUHOh9oH6d6OIKCUpbzQCtSMMXXL05PGAXCKSUFo/fDetmCt5Hqul9dh4eiwyC/KKh/cdG0LM7ofj16uMVweBSLkBenGCh918MC1itrbDiW8Yhf1+Ljgvu5+1TX4N36Aw0g8o9/mf7yyqxGvZkcJlSrkEGOdknH0EQUd1hLJi10XGpOUUgBBoYrOsxasjVnGPqr+L1j2PyD8txaaqd6Kpxr5DZ4b8id9bdYcbIUlW+fOY6Xtid314BC3lJEszqVQsBk4Ac9TxQu6Wh9XZ1SPq/DjMpJYwuWSgb1g5Wzg6DSZdlSGqYI61JHhx8fucrLASZp2RnFOADAMp/fwnVVkLLHOA6aU9yEZjnyevyWlHYqc0aCDEY17H5ygrF+ySudnTTMgmyX+1aIFXoTbxCTRkD6tRowPixiA3wR2VRJEI6NutVOCqC7vGRIaQofFK00L2RQk55nrTsIiQn3P/47h6jinfKb22XX8mqrs3fNh4rx8Jq4XaI3hpcUUm8msCPD6OepiTsFwBXQtA5oamvOamwztAgML+D6LfR53TUjcYTCYqS71nFOo=

Emails

[email protected]

URLs

http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create

Targets

- Target
  
  sample
- Size
  
  94KB
- MD5
  
  26f65722f6307386f3aa23237f44c24a
- SHA1
  
  d26becc64f43c7af17f2d39d3fc1b744ac3e8fbb
- SHA256
  
  cce5a753888cb5b044c767fe8e95e410ebdf1e1c79cabc95db1c9e1a8e81c5e7
- SHA512
  
  241c6ba3e95206827fe26ee6ef279e0bad2fbe6d4b55732fdacd078e2a977726a01bc16fd4b213b7483a1f1e74d1355dc416fb04ad8d86e3da2443cfa499bbb1
Score

10^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Drops startup file
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Remote System Discovery

1

T1018

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Modifies extensions of user files

Deletes itself

Drops startup file

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2