Overview

overview

10

Static

static

1

60e9e8e25b...f8.exe

windows7-x64

9

60e9e8e25b...f8.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9026796187.zip

  • Size

    410KB

  • Sample

    230205-ycp1hsea3x

  • MD5

    b6d0abf90ae25e5b2d04727c34befae4

  • SHA1

    8d28076a415515c43678eba9208d89bfd43f62c3

  • SHA256

    1ec20de300a0be44359180329d121bced70f2578b534ac149ccd174e26227f2a

  • SHA512

    7ae98a29e876c1ef15b5bdd200d0b1b70703c45afcf248ec0c581b6d13c987c9d3770d6e3be9891817272258c61c74cce75bdc0989baec5dc5a18435ac0eab55

  • SSDEEP

    12288:eAPAuowcLnNCe1DhlX/Muhn2yuM5gzQoMovIh5NEF2+Y:e/S7MuuoMmzQsvIhclY

Score
10/10
ransomware

Malware Config

Extracted

Path

C:\instructions_read_me.txt

Ransom Note
ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Login ID: cec2c64c-8fa0-4324-a5b1-d685d2dc770d *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.
URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

    • Target

      60e9e8e25b64eabb59dc8667c286d91a8f4c6b6f9ea9aa12b55e7a2cb78d15f8

    • Size

      878KB

    • MD5

      53ed242cc1b693138f343559ae6a1de3

    • SHA1

      ad723af94284a92ce6676d0859ffea5f9b0c9730

    • SHA256

      60e9e8e25b64eabb59dc8667c286d91a8f4c6b6f9ea9aa12b55e7a2cb78d15f8

    • SHA512

      e459a31855e562e790b17997ccf1a2066f5a9a58fc4e1cab01604e3e72a0ad99f94b608623942dc54de5dcd0143bd5515fd7a2e5e252b6bf7f6a51f3927051cd

    • SSDEEP

      24576:MnWm1NxNinACvX33FbSOL973ggxM1px+Rkk:INxgnA2bSOL97fxCpx+Rkk

    Score
    10/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks