hakbit

General

Target

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
Size

80KB
Sample

220911-s66x8sffap
MD5

8152a3d0d76f7e968597f4f834fdfa9d
SHA1

c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
SHA256

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
SHA512

eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
SSDEEP

1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note

To recover your data contact the email below potentialenergy@mail.ru Key Identifier: L/iGu+Gzagql0oXRpLjEgpa93pEkry4vdk4yw3jar9ETeoLjB05OZudA6BfYQjnWxepziQcSfMRK9MwiaJBg3U5mwJyeyotZkXVucRKAG6ALx80OC64x0x6D6RK/52dvKDkuhNHxueCEpEWVdPNqs6dviqo44+Oy4QMWUqzvIxU3qC4xGJyZRFX5kaazOiIklbS6bg4mkQDPJJ8w+BizNBJ93ndttaoxwdwVAcH2Hx6aOBJN0xtFuhtHcPY2eNDiCCX9o7yP6/BtBaySfCh1Zk69JKOg9M1y/9IHAkgZq+6xK3mbgt4QneLnjkuZJXJUYvbvAP3VEgLkImrTgYu+uC7Q3aQ1u6B9bV8N0t/QPYotI9nsoEbRfDl7KiqENW4wwOGj/lwb8gwrdOfQZNkpIO4vZNJmQFuYQc+q5eS4xahvpF2oSbbVCG1MzXKjtCwkCAjB+2pt2R0VCTg7Swo1rbWTkA8gCvAkFlmEL5/ChpQtFljVkjq3TkrqJXtJRipF/Vp7aFvCByqp6LjFLnpAiPhHhPxi0mZxKJ3Nc3fY9+exyHSL6AteqaaidRUe2X1/bnVZGm5AKpYVmyoToQmY/7VkbyWekR4ZFSeU9+mpSJfgnOe5prwhH/DoShzXlloBhEkeKiDBpRXWCR54EgjKBdV7jqq3IogOZ3SREveFtcs= Number of files that were processed is: 457

Emails

potentialenergy@mail.ru

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note

To recover your data contact the email below potentialenergy@mail.ru Key Identifier: u6KAYt9nGmuQMCdrum0OHkc8oFALeXODCc0M+SIGWl0RHWRFNFRObERzzs1bC8yGSehrTs/r+3t1oPBCD5nFVaX2jlHdM7uJZ+9QpfbRptA6Exgb2oRueQSL1wuXOgeAk3Vx1HeuBWlAhY/l7h9KeF1ZOa6DFctO2ilM8v7chdQfYN2PVgCPt6BXDU3gGvU3txBQjkhKHTB8/dvbSDGr+Us2ryE8nHIg71ykXZWT2SEHaA61+vpxeG9WJMXwJ1fQfVZQViDajSO3CNCCgH45Goh6VyHz87O4oytDd1YRWFkIebcAzPoXDvbf1Dkr7584xDJ2tV4cH4lK8UCoL0+kjojyOudrYQUX4+9OzjrCaPUObVFP34snpWF0HWQkEI5geV/g17zhmiS8nrNXnEtCmvbUb5SRCdVCdyiD8oIV1XJhElGc89br43JQvD+euWfBX1RtOMw2A/uRIbHGnzmGUv98xoCkQ/3zg3uNVpHAh4241VPXJGvQs1ktYa91mDPbTB7v/mV/4uA/YrHt0P16U1HjZQbSPEKSjxjnSORlmAoWHBhDH9nQ/QOXUosaoJkalsM4ueOurmE51x58dM8cIPVxrOAa/MKuSX3vnSfEv5US3/33W9qI/AdPEVvPpg8tvRzhDBvNYSBSy6NqvtRp12W+4HAcoezFl209ip/uGOI= Number of files that were processed is: 390

Emails

potentialenergy@mail.ru

Targets

- Target
  
  69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
- Size
  
  80KB
- MD5
  
  8152a3d0d76f7e968597f4f834fdfa9d
- SHA1
  
  c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
- SHA256
  
  69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
- SHA512
  
  eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
- SSDEEP
  
  1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0
Score

10^/10

hakbit ransomware spyware stealer
- Hakbit
  Ransomware which encrypts files using AES, first seen in November 2019.
  ransomware hakbit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2