b9d85a794dc76d2067d0167e3b86dbe16f65d87f73ad3d616102edd4f7feeccc

General

Target

4ec8cb9d91bd97d75b86d7a22e0caf499c5fbc9edc4a48d838bf77610a736d30.zip
Size

476KB
Sample

221206-3qv6xahe8y
MD5

e4522fb73a3c613682a207882bbceb9c
SHA1

84eb29cb4b0c97a48f2daa295197ed66cdc80771
SHA256

b9d85a794dc76d2067d0167e3b86dbe16f65d87f73ad3d616102edd4f7feeccc
SHA512

1df93996a5905d2de6f310a05aea614e1911f0eea4e6595c6ebee032eaa6555c3c27d69a437f58f2eb1c90e5591dfcb92c3e7519c00630073f3b5797386509b1
SSDEEP

12288:T82RW/7VttQP28+aU3woKi8Bk4794iZ1h:5s/7VtPombfc4q

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\users\admin\contacts\!!FAQ for Decryption!!.txt

Ransom Note

Good day. All your files are encrypted. For decryption contact us. Write here [email protected] We also inform that your databases, ftp server and file server were downloaded by us to our servers. * Do not rename encrypted files. * Do not try to decrypt your data using third party software, it may cause permanent data loss.

Emails

[email protected]

Targets

- Target
  
  bcf0f202db47ca671ed6146040795e3c8315b7fb4f886161c675d4ddf5fdd0c4
- Size
  
  476KB
- MD5
  
  3e96efd37777cc01cabb3401485297aa
- SHA1
  
  f008e568c313b6f41406658a77313f89df07017e
- SHA256
  
  bcf0f202db47ca671ed6146040795e3c8315b7fb4f886161c675d4ddf5fdd0c4
- SHA512
  
  6d864561c6b1e33229da4181ecb14c8358ef3fbcdb996131d87a0b98fb3c4d8453fed4331c8b1d939546b6a7cb246f294bf82ca21799728f114b95d176ace691
- SSDEEP
  
  6144:0qejsgRNGKhy9zzMOss2XWrccaaXCunmifiTbRF7WKHBQAk6Fjt0laAOzrJroCFQ:0m0ymOjZRaMhuF7LhQF6Mla7bu
Score

10^/10

ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies extensions of user files

Deletes itself

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2