General

  • Target: cce5a753888cb5b044c767fe8e95e410ebdf1e1c79cabc95db1c9e1a8e81c5e7.bin.sample.gz
  • Size: 46KB
  • Sample: 220621-v9sk5abbh7
  • MD5: d1a748838c86ec5be5f985ebc207cafb
  • SHA1: 55dde4037959265d4b1c1e52528e7abc13833194
  • SHA256: 7163e267d5132a1df96df8ef045b10809c07048aded2ce87d2de1600cbd44b28
  • SHA512: ecf7b94f50685dab7be7a1fea16514431bfd933029fb86f16b83260a7908206f9711a03999843a3f77114cb0e139e51693ed45aa2b6a1b04bbe448857351aa94

Score: 10/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\RECOVERY.txt

Ransom Note
All your important files are encrypted! Any attempts to recover your files using third-party software will have fatal consequences, the files will be changed forever, without the possibility of recovery. There is only one way to get your files back: install the tor browser (https://www.torproject.org/download ) Important: Create a new email in the service http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create for contact! write to me at Retailgaze@onionmail.org Send me your ID by email Key Identifier:
Emails

Retailgaze@onionmail.org

URLs

http://pflujznptk5lmuf6xwadfqy6nffykdvahfbljh7liljailjbxrgvhfid.onion/account/create


Targets

    • Target: sample
    • Size: 94KB
    • MD5: 26f65722f6307386f3aa23237f44c24a
    • SHA1: d26becc64f43c7af17f2d39d3fc1b744ac3e8fbb
    • SHA256: cce5a753888cb5b044c767fe8e95e410ebdf1e1c79cabc95db1c9e1a8e81c5e7
    • SHA512: 241c6ba3e95206827fe26ee6ef279e0bad2fbe6d4b55732fdacd078e2a977726a01bc16fd4b213b7483a1f1e74d1355dc416fb04ad8d86e3da2443cfa499bbb1

    Score: 10/10

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Drops startup file

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion: Modify Registry (T1112): 1
  • Discovery: System Information Discovery (T1082): 1
  • Discovery: Remote System Discovery (T1018): 1

Tasks