General

  • Target

    a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b

  • Size

    48KB

  • Sample

    221005-vz2q2sfcbr

  • MD5

    2d00a47dc5e334f9e81f05330c83a119

  • SHA1

    64a464bd6d0aedb623c9ffc278866b36828db40f

  • SHA256

    a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b

  • SHA512

    2ae6d14f9b8d84aeff03e2202988238c6d3dde42b509352519b1aa7c543f66b2a3779f52ec491ae4e6ab585a023df0d663e148b5396e3501ec49d9c786908b19

  • SSDEEP

    768:JUAX97+ePJejdj1LiRrdHNyGAvP5kRW/7bJvutNN:jpRidBLilVNUP5j/P9sN

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt

Ransom Note
ALL YOUR FILES HAVE BEEN ENCRYPTED BY THE REDKRYPT RANSOMWARE
Why me?
RedKrypt doesn't choose victims. Victims choose RedKrypt.
How I can recovery my files?
You cannot use third party software for decrypt your files: you can use only the official RedKrypt Decryption Tool.
Follow this istructions:
1) Copy your decryption ID
2) Write to rexplo8sdh1ba6ta18lacue8v9@gmail.com and send your decryption id
3) We'll reply with our conditions, and the decryption tool will be sent to you.
YOUR REDKRYPT CLIENT-ID: BC40DA2B078BFBFF000306D2
Emails

rexplo8sdh1ba6ta18lacue8v9@gmail.com

Extracted

Path

C:\Users\Admin\Desktop\RedKrypt-Notes-README.txt

Ransom Note
ALL YOUR FILES HAVE BEEN ENCRYPTED BY THE REDKRYPT RANSOMWARE
Why me?
RedKrypt doesn't choose victims. Victims choose RedKrypt.
How I can recovery my files?
You cannot use third party software for decrypt your files: you can use only the official RedKrypt Decryption Tool.
Follow this istructions:
1) Copy your decryption ID
2) Write to rexplo8sdh1ba6ta18lacue8v9@gmail.com and send your decryption id
3) We'll reply with our conditions, and the decryption tool will be sent to you.
YOUR REDKRYPT CLIENT-ID: 36F4858E078BFBFF000306D2
Emails

rexplo8sdh1ba6ta18lacue8v9@gmail.com

Targets

    • Target

      a851d387648348b23d00c555f2a3db866088289dfcf7eb20a593f94dfc63ad7b

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

MITRE ATT&CK Matrix (ATT&CK v6)

Tactic              Technique                      Count  ID
Credential Access   Credentials in Files           1      T1081
Discovery           System Information Discovery   1      T1082
Collection          Data from Local System         1      T1005

Tasks