General
-
Target
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
-
Size
80KB
-
Sample
220911-s66x8sffap
-
MD5
8152a3d0d76f7e968597f4f834fdfa9d
-
SHA1
c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
-
SHA256
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
-
SHA512
eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
-
SSDEEP
1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0
Malware Config
Extracted
| Path |
C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt |
| Family |
hakbit |
| Ransom Note | To recover your data contact the email below potentialenergy@mail.ru Key Identifier: L/iGu+Gzagql0oXRpLjEgpa93pEkry4vdk4yw3jar9ETeoLjB05OZudA6BfYQjnWxepziQcSfMRK9MwiaJBg3U5mwJyeyotZkXVucRKAG6ALx80OC64x0x6D6RK/52dvKDkuhNHxueCEpEWVdPNqs6dviqo44+Oy4QMWUqzvIxU3qC4xGJyZRFX5kaazOiIklbS6bg4mkQDPJJ8w+BizNBJ93ndttaoxwdwVAcH2Hx6aOBJN0xtFuhtHcPY2eNDiCCX9o7yP6/BtBaySfCh1Zk69JKOg9M1y/9IHAkgZq+6xK3mbgt4QneLnjkuZJXJUYvbvAP3VEgLkImrTgYu+uC7Q3aQ1u6B9bV8N0t/QPYotI9nsoEbRfDl7KiqENW4wwOGj/lwb8gwrdOfQZNkpIO4vZNJmQFuYQc+q5eS4xahvpF2oSbbVCG1MzXKjtCwkCAjB+2pt2R0VCTg7Swo1rbWTkA8gCvAkFlmEL5/ChpQtFljVkjq3TkrqJXtJRipF/Vp7aFvCByqp6LjFLnpAiPhHhPxi0mZxKJ3Nc3fY9+exyHSL6AteqaaidRUe2X1/bnVZGm5AKpYVmyoToQmY/7VkbyWekR4ZFSeU9+mpSJfgnOe5prwhH/DoShzXlloBhEkeKiDBpRXWCR54EgjKBdV7jqq3IogOZ3SREveFtcs= Number of files that were processed is: 457 |
| Emails |
potentialenergy@mail.ru |
Extracted
| Path |
C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt |
| Family |
hakbit |
| Ransom Note | To recover your data contact the email below potentialenergy@mail.ru Key Identifier: u6KAYt9nGmuQMCdrum0OHkc8oFALeXODCc0M+SIGWl0RHWRFNFRObERzzs1bC8yGSehrTs/r+3t1oPBCD5nFVaX2jlHdM7uJZ+9QpfbRptA6Exgb2oRueQSL1wuXOgeAk3Vx1HeuBWlAhY/l7h9KeF1ZOa6DFctO2ilM8v7chdQfYN2PVgCPt6BXDU3gGvU3txBQjkhKHTB8/dvbSDGr+Us2ryE8nHIg71ykXZWT2SEHaA61+vpxeG9WJMXwJ1fQfVZQViDajSO3CNCCgH45Goh6VyHz87O4oytDd1YRWFkIebcAzPoXDvbf1Dkr7584xDJ2tV4cH4lK8UCoL0+kjojyOudrYQUX4+9OzjrCaPUObVFP34snpWF0HWQkEI5geV/g17zhmiS8nrNXnEtCmvbUb5SRCdVCdyiD8oIV1XJhElGc89br43JQvD+euWfBX1RtOMw2A/uRIbHGnzmGUv98xoCkQ/3zg3uNVpHAh4241VPXJGvQs1ktYa91mDPbTB7v/mV/4uA/YrHt0P16U1HjZQbSPEKSjxjnSORlmAoWHBhDH9nQ/QOXUosaoJkalsM4ueOurmE51x58dM8cIPVxrOAa/MKuSX3vnSfEv5US3/33W9qI/AdPEVvPpg8tvRzhDBvNYSBSy6NqvtRp12W+4HAcoezFl209ip/uGOI= Number of files that were processed is: 390 |
| Emails |
potentialenergy@mail.ru |
Targets
-
-
Target
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
-
Size
80KB
-
MD5
8152a3d0d76f7e968597f4f834fdfa9d
-
SHA1
c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
-
SHA256
69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
-
SHA512
eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
-
SSDEEP
1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0
Score10/10-
Hakbit
Ransomware which encrypts files using AES, first seen in November 2019.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation