General

  • Target

    eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.zip

  • Size

    555KB

  • Sample

    230107-2a3elseh76

  • MD5

    bfc0d273f125755c8e751d875dec7aec

  • SHA1

    014624e567d36e140eda5fd26e03fa23c711c169

  • SHA256

    021ac9cff2c1219c8057bb7f7d75ad8a06676b459a4bcf5c2d765f8efecfd016

  • SHA512

    d529e92bdce193174577fe9829ef2dbfd8f0c7abb300b46eae2273b7e9b64f77a709bd0dbc3102dd7aecd801bbaf446aab4b96cdca0a79ccdbf72636e69bba8f

  • SSDEEP

    12288:A82ju2T3b6kF4LNCYJmG4XBhZGH8LxZ6792NqR:ATZ6k2QfG8mH97R
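The hash values above are the report's identifiers for the archive and the extracted executable. The helper below, added here and not part of the sandbox report, computes MD5/SHA1/SHA256/SHA512 of a file in a single pass and reports which of the report's values match; a partial match (one algorithm agreeing, the others not) is worth investigating since it usually indicates a transcription error or a different build sharing a copied hash. SSDEEP is not a hashlib algorithm, so the fuzzy hashes are carried for reference only.

```python
"""IOC hash check against the two artifacts listed in this report (added example)."""
from __future__ import annotations

import hashlib

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hash values copied verbatim from the report sections above.
REPORT_IOCS = {
    "eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.zip": {
        "md5": "bfc0d273f125755c8e751d875dec7aec",
        "sha1": "014624e567d36e140eda5fd26e03fa23c711c169",
        "sha256": "021ac9cff2c1219c8057bb7f7d75ad8a06676b459a4bcf5c2d765f8efecfd016",
        "sha512": "d529e92bdce193174577fe9829ef2dbfd8f0c7abb300b46eae2273b7e9b64f77"
                  "a709bd0dbc3102dd7aecd801bbaf446aab4b96cdca0a79ccdbf72636e69bba8f",
        "ssdeep": "12288:A82ju2T3b6kF4LNCYJmG4XBhZGH8LxZ6792NqR:ATZ6k2QfG8mH97R",
    },
    "eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe": {
        "md5": "16bcc3b7f32c41e7c7222bf37fe39fe6",
        "sha1": "a25bc5442c86bdeb0dec6583f0e80e241745fb73",
        "sha256": "eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0",
        "sha512": "f3e7087f569b3bcc201c006c5dfcea6cf560cad480bc03e6f17790190bc35bf6"
                  "659e91a9f91219952bd139a3c9afde961032ee1d0861158409206feaa6540f9e",
        "ssdeep": "24576:uj/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:"
                  "A/NtkHRos9l+zan4QTB/2zkPtBq2itoP",
    },
}


def _new_hashers() -> dict[str, "hashlib._Hash"]:
    return {name: hashlib.new(name) for name in ALGORITHMS}


def digest_bytes(data: bytes) -> dict[str, str]:
    """Lowercase hex digests of `data` for every algorithm in ALGORITHMS."""
    hashers = _new_hashers()
    for h in hashers.values():
        h.update(data)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_file(path: str, chunk_size: int = 1 << 20) -> dict[str, str]:
    """Same as digest_bytes, but streams the file so large samples are not read whole."""
    hashers = _new_hashers()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests: dict[str, str], iocs: dict = REPORT_IOCS) -> dict[str, list[str]]:
    """Map each report artifact to the list of algorithms whose value matched.

    Artifacts with no matching algorithm are omitted. A list shorter than
    len(ALGORITHMS) is a partial match and should be treated as suspicious.
    """
    hits: dict[str, list[str]] = {}
    for name, expected in iocs.items():
        matched = [
            alg for alg in ALGORITHMS
            if alg in expected and expected[alg].lower() == digests[alg]
        ]
        if matched:
            hits[name] = matched
    return hits


if __name__ == "__main__":
    import sys

    for sample in sys.argv[1:]:
        print(sample, match_iocs(digest_file(sample)) or "no match")
```

Run it as `python ioc_hash_check.py <file> [...]`; an output of `no match` for a file named like the sample is itself a finding, since it means the file on disk is not the one the report analyzed.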

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note
Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Targets

    • Target

      eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe

    • Size

      1.2MB

    • MD5

      16bcc3b7f32c41e7c7222bf37fe39fe6

    • SHA1

      a25bc5442c86bdeb0dec6583f0e80e241745fb73

    • SHA256

      eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0

    • SHA512

      f3e7087f569b3bcc201c006c5dfcea6cf560cad480bc03e6f17790190bc35bf6659e91a9f91219952bd139a3c9afde961032ee1d0861158409206feaa6540f9e

    • SSDEEP

      24576:uj/6CtkHRos9l+zan4Q6eQqF5ZgQibE2zkMiJHic9OuTw258tox6T9G0SKoRl:A/NtkHRos9l+zan4QTB/2zkPtBq2itoP

    • LockerGoga

      LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.

    • Modifies Installed Components in the registry

      Entries under the Active Setup "Installed Components" key are executed at the next user logon and are a known persistence location.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials. This signature is a generic heuristic: a file encryptor also trips it when it enumerates and encrypts files under browser profile directories, so on its own it does not indicate credential theft.

    • Drops desktop.ini file(s)
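The behaviours listed above map onto host telemetry: the ransom-note path from the Malware Config section is a file-create event, the Installed Components change is a registry value-set event, and desktop.ini writes are a low-signal file-create. The triage pass below is an added example, not part of the report or the sandbox's own detection logic; it runs over constructed Sysmon-style records (Event ID 11 file create, Event ID 13 registry value set) and assumes that "Modifies Installed Components in the registry" refers to the Active Setup key. The sample's on-disk location in the constructed events is invented for illustration.

```python
"""Triage constructed Sysmon-style events for the behaviours this report lists (added example)."""
from __future__ import annotations

import re

# Ransom note path as extracted in the report's Malware Config section.
RANSOM_NOTE = r"C:\Users\Public\Desktop\README_LOCKED.txt"

# Assumption: the report's "Modifies Installed Components in the registry" signature
# refers to Active Setup, whose StubPath command runs at the next user logon.
ACTIVE_SETUP_RE = re.compile(r"\\active setup\\installed components\\", re.IGNORECASE)

# Tags that warrant escalation on their own; desktop.ini alone does not.
HIGH_SIGNAL = {"ransom_note_dropped", "active_setup_persistence"}

# Constructed sample path (not from the report) used by the constructed events below.
SAMPLE_IMAGE = (r"C:\Users\Admin\AppData\Local\Temp"
                r"\eda26a1cd80aac1c42cdbba9af813d9c4bc81f6052080bc33435d1e076e75aa0.exe")

# Constructed events in Sysmon field names; EventID 11 = FileCreate, 13 = RegistryEvent (value set).
SAMPLE_EVENTS = [
    {"EventID": 13, "Image": SAMPLE_IMAGE, "EventType": "SetValue",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
                     r"\{00000000-0000-0000-0000-000000000000}\StubPath"},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "TargetFilename": RANSOM_NOTE},
    {"EventID": 11, "Image": SAMPLE_IMAGE, "TargetFilename": r"C:\Users\Admin\Documents\desktop.ini"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Users\Admin\Pictures\desktop.ini"},
    {"EventID": 11, "Image": r"C:\Windows\explorer.exe", "TargetFilename": r"C:\Users\Admin\Documents\notes.txt"},
]


def classify(event: dict) -> list[str]:
    """Return the behaviour tags a single event matches (possibly none)."""
    tags: list[str] = []
    if event.get("EventID") == 11:
        target = event.get("TargetFilename", "").lower()
        if target == RANSOM_NOTE.lower() or target.endswith("\\readme_locked.txt"):
            tags.append("ransom_note_dropped")
        if target.endswith("\\desktop.ini"):
            tags.append("desktop_ini_dropped")
    elif event.get("EventID") == 13:
        if ACTIVE_SETUP_RE.search(event.get("TargetObject", "")):
            tags.append("active_setup_persistence")
    return tags


def triage(events: list[dict]) -> list[dict]:
    """Flatten all matching (tag, image, target) hits across the event stream."""
    hits = []
    for ev in events:
        for tag in classify(ev):
            hits.append({"tag": tag, "image": ev.get("Image"),
                         "target": ev.get("TargetFilename") or ev.get("TargetObject")})
    return hits


def summarize(hits: list[dict]) -> dict[str, list[str]]:
    """Group tags per process image so the verdict is per-process, not per-event."""
    per_image: dict[str, set[str]] = {}
    for h in hits:
        per_image.setdefault(h["image"], set()).add(h["tag"])
    return {img: sorted(tags) for img, tags in per_image.items()}


def verdict(summary: dict[str, list[str]]) -> dict[str, str]:
    """'high' if any high-signal tag is present for that image, else 'low'."""
    return {img: ("high" if HIGH_SIGNAL & set(tags) else "low") for img, tags in summary.items()}


if __name__ == "__main__":
    summary = summarize(triage(SAMPLE_EVENTS))
    for image, level in verdict(summary).items():
        print(level.upper(), image, summary[image])
```

The per-image grouping is what keeps explorer.exe at "low": it only writes desktop.ini, which the report lists but which is routine shell behaviour, while the sample combines the ransom note drop with the Active Setup write.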

MITRE ATT&CK Enterprise v6