General

  • Target

    f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.zip

  • Size

    112KB

  • Sample

    220708-l97klsdfh3

  • MD5

    4a20c7e2d55cc406d7e2e075b43223ac

  • SHA1

    834a8abc21c5196b913dd39b3958d1700d5df2f0

  • SHA256

    ec704de00a60797b2ecc3be32cf7a58ed5d681a2c07e39c26f1302d243aa49cf

  • SHA512

    2ff4fc1728060921e01ba2fc152aadda4e43dae9fc7fb471a55dcda736435e9426f39ea5e98d4bc19ad2b2c448d8b92710b1ba3ffe040cdf992a2c8744d8f087

Score
10/10

Malware Config

Extracted

Path

C:\Restore_Your_Files.txt

Ransom Note

All your important files have been encrypted and stolen! Contact us for price and get decryption software. You have 3 days to contact us for negotiation. If you don't contact within three days, we'll start leaking data.

1) Contact our tox. Tox download address: https://tox.chat/ Our poison ID: 59B542C61F574BD8B3255E55651FC7C49EB53546FC6AD0698C7A12D97D193C7D6DBA9758A282

* Note that this server is available via Tor browser only

Follow the instructions to open the link:
1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site.
2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it.
3. Now you have Tor browser. In the Tor Browser open : http://yeuajcizwytgmrntijhxphs6wn5txp2prs6rpndafbsapek3zd4ubcid.onion
URLs

https://tox.chat/

http://yeuajcizwytgmrntijhxphs6wn5txp2prs6rpndafbsapek3zd4ubcid.onion

Targets

    • Target

      f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5.exe

    • Size

      235KB

    • MD5

      b7a182db3ba75e737f75bda1bc76331a

    • SHA1

      cf0fe28214ad4106c48ec5867327319eaa82b3c3

    • SHA256

      f3caa040efb298878b99f883a898f76d92554e07a8958e90ff70e7ff3cfabdf5

    • SHA512

      5e8d7f65ae231020056a3940d3ca31546986a6130a7956374edc0bc4f139f66f467bf27b66b5cdff73f52dc48ad00f84a9a618fec6db2727c61c44807fb650e8

    Score
    10/10
    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Matrix (ATT&CK v6)

Discovery

  • Query Registry (1) - T1012

  • Peripheral Device Discovery (1) - T1120

  • System Information Discovery (2) - T1082

Tasks