Resubmissions

  • Date: 12/10/2022, 06:19
    Sample: 221012-g299bacgaq
    Score: 10

  • Date: 04/10/2022, 09:54
    Sample: 221004-lw7nfsaeb5
    Score: 10

General

  • Target

    16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20.exe

  • Size

    48KB

  • Sample

    221004-lw7nfsaeb5

  • MD5

    4f6173eb23deaff1670b1b2f0f6882fe

  • SHA1

    8b0aa4a785803ebcd71fa71dfe5b3671c1ab6c13

  • SHA256

    16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20

  • SHA512

    192bf3985320e342d6808b5581f2dbcdfaafe57ebd6c08e067b1609568790432f03f7af123e3f7ddeafe94ad2ede11ab295fbc28c9111caf50f66af597e66735

  • SSDEEP

    768:AUAXzPLCUW6R/bUHUWSLa/SET7Q74guCNP:YC16lYHMa7TU3xP

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt

Ransom Note
ALL YOUR FILES HAVE BEEN ENCRYPTED BY THE REDKRYPT RANSOMWARE Why me? RedKrypt doesn't choose victims. Victims choose RedKrypt. How I can recovery my files? You cannot use third party software for decrypt your files: you can use only the official RedKrypt Decryption Tool. Follow this istructions: 1) Copy your decryption ID 2) Write to [email protected] and send your decryption id 3) We'll reply with our conditions, and the decryption tool will be sent to you. YOUR REDKRYPT CLIENT-ID: 94A7BB46078BFBFF000306D2

Extracted

Path

C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt

Ransom Note
ALL YOUR FILES HAVE BEEN ENCRYPTED BY THE REDKRYPT RANSOMWARE Why me? RedKrypt doesn't choose victims. Victims choose RedKrypt. How I can recovery my files? You cannot use third party software for decrypt your files: you can use only the official RedKrypt Decryption Tool. Follow this istructions: 1) Copy your decryption ID 2) Write to [email protected] and send your decryption id 3) We'll reply with our conditions, and the decryption tool will be sent to you. YOUR REDKRYPT CLIENT-ID: 36F4858E078BFBFF000306D2

Targets

    • Target

      16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20.exe

    • Size

      48KB

    • MD5

      4f6173eb23deaff1670b1b2f0f6882fe

    • SHA1

      8b0aa4a785803ebcd71fa71dfe5b3671c1ab6c13

    • SHA256

      16764b173314ddeb7341f18a7b33066a319476847ba715c53c4f0f8e9ed43a20

    • SHA512

      192bf3985320e342d6808b5581f2dbcdfaafe57ebd6c08e067b1609568790432f03f7af123e3f7ddeafe94ad2ede11ab295fbc28c9111caf50f66af597e66735

    • SSDEEP

      768:AUAXzPLCUW6R/bUHUWSLa/SET7Q74guCNP:YC16lYHMa7TU3xP

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and session tokens. For a file-encrypting sample this signature can also fire when the encryption routine simply enumerates files under the user profile, so confirm the access pattern before treating it as credential theft.

    • Adds Run key to start application

    • Drops desktop.ini file(s)
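The behaviours above, together with the ransom note path and CLIENT-ID line under Malware Config, are enough to write a small triage check. The block below is an added example and is not code from the sandbox or from this report: it maps a stream of endpoint telemetry events onto the report's behaviour names and extracts the per-victim client ID from a ransom note body. The note filename and the "YOUR REDKRYPT CLIENT-ID:" line are taken from the report; the Run key value name, the dropped executable name, the startup .lnk name, the ".redkrypt" extension, the browser profile paths and the sample events themselves are assumptions constructed for the example.

```python
"""Added triage example, not code from the sandbox or the report.

Maps raw endpoint telemetry onto the behaviour names this report lists for
the RedKrypt sample, and pulls the per-victim client ID out of the ransom
note.  The note filename and the CLIENT-ID line come from the report; the
Run key value, dropped-EXE name, startup file name, encrypted-file
extension, browser profile paths and the sample events are assumptions.
"""
import re
from collections import Counter

RANSOM_NOTE_NAME = "redkrypt-notes-readme.txt"                # from the report
CLIENT_ID_RE = re.compile(r"YOUR REDKRYPT CLIENT-ID:\s*([0-9A-Fa-f]+)")  # from the report
STARTUP_DIR = r"\start menu\programs\startup"                 # assumption
RUN_KEY = r"\software\microsoft\windows\currentversion\run"   # HKCU or HKLM
BROWSER_PROFILE_DIRS = (                                      # assumption
    r"\google\chrome\user data",
    r"\mozilla\firefox\profiles",
)


def parse_ransom_note(text):
    """Return the victim's client ID as upper-case hex, or None if absent."""
    m = CLIENT_ID_RE.search(text)
    return m.group(1).upper() if m else None


def classify_events(events, rename_threshold=5):
    """Return the set of report behaviour names the event stream exhibits.

    Each event is a dict with 'type' and 'target'; renames also carry
    'new_name'.  Types used: file_create, file_rename, file_read, reg_set,
    process_create.  Paths are compared case-insensitively.
    """
    hits = set()
    dropped_exes = set()      # files the sample wrote, to correlate with launches
    new_exts = Counter()      # extension -> number of renames to it
    for ev in events:
        kind, target = ev["type"], ev["target"].lower()
        if kind == "file_create":
            if target.endswith("\\" + RANSOM_NOTE_NAME):
                hits.add("Drops ransom note")
            if STARTUP_DIR in target:
                hits.add("Drops startup file")
            if target.endswith("\\desktop.ini"):
                hits.add("Drops desktop.ini file(s)")
            if target.endswith(".exe"):
                dropped_exes.add(target)
        elif kind == "process_create" and target in dropped_exes:
            hits.add("Executes dropped EXE")
        elif kind == "reg_set" and RUN_KEY in target:
            hits.add("Adds Run key to start application")
        elif kind == "file_read" and any(d in target for d in BROWSER_PROFILE_DIRS):
            hits.add("Reads user/profile data of web browsers")
        elif kind == "file_rename":
            new_exts[ev["new_name"].rsplit(".", 1)[-1].lower()] += 1
    # Many user files renamed to one new extension is the encryption signal;
    # a single rename is ordinary user activity, hence the threshold.
    if any(n >= rename_threshold for n in new_exts.values()):
        hits.add("Modifies extensions of user files")
    return hits


# Constructed telemetry resembling the behaviours in the report.  The
# "updater.exe" name, the Run value name and ".redkrypt" are invented.
SAMPLE_EVENTS = [
    {"type": "file_create", "target": r"C:\Users\Admin\AppData\Roaming\updater.exe"},
    {"type": "process_create", "target": r"C:\Users\Admin\AppData\Roaming\updater.exe"},
    {"type": "reg_set", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"},
    {"type": "file_create",
     "target": r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\updater.lnk"},
    {"type": "file_read",
     "target": r"C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "file_create", "target": r"C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt"},
    {"type": "file_create", "target": r"C:\Users\Admin\Documents\desktop.ini"},
] + [
    {"type": "file_rename",
     "target": rf"C:\Users\Admin\Documents\file{i}.docx",
     "new_name": rf"file{i}.docx.redkrypt"}
    for i in range(6)
]

# Constructed note body using the CLIENT-ID format from the report.
SAMPLE_NOTE = ("ALL YOUR FILES HAVE BEEN ENCRYPTED BY THE REDKRYPT RANSOMWARE ... "
               "YOUR REDKRYPT CLIENT-ID: 94A7BB46078BFBFF000306D2")


if __name__ == "__main__":
    print("client id:", parse_ransom_note(SAMPLE_NOTE))
    for name in sorted(classify_events(SAMPLE_EVENTS)):
        print("behaviour:", name)
```

The extension check is deliberately threshold-based rather than keyed to a specific suffix, since the report records that extensions change but not what they change to; tune `rename_threshold` to the volume of legitimate renames your telemetry shows. The client ID is worth keeping per host because the two notes in this report carry different IDs for the same binary, so it identifies the infected machine, not the sample.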

MITRE ATT&CK Enterprise v6

Tasks