9bfab0f04edf1870582f6b67bf4b5d0749ad96140326fea417e1541fae157692

General

Target

9018553326.zip
Size

392KB
Sample

230205-ycs26saf22
MD5

a91a5c285eb0b31c072c2ab7d4a7abbf
SHA1

37fe288068940febc58e95b81bf2b9a10ad322a6
SHA256

9bfab0f04edf1870582f6b67bf4b5d0749ad96140326fea417e1541fae157692
SHA512

d0567ec1c8d1704ea49af44d0c531c679c70a37f7304f620b86ca72c6f6307dc121b723eca47c95c11ad2676630582ddb59b6fdf6b3c0d62b0cd5bc7c5d909e9
SSDEEP

6144:Cw5sfqY0ysF70hJRl7gCdT6jL9qcLhe4HLBjy8fLaLOoHIJ7qoOCVfSggAKvHF4X:B58/s630CqlnHdoHgqoO2fS3HvHAb

Score

10^/10

Malware Config

Extracted

Path

C:\instructions_read_me.txt

Ransom Note

ATTENTION! Your network has been breached and all data was encrypted. Please contact us at: https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/ Login ID: *!* To access .onion websites download and install Tor Browser at: https://www.torproject.org/ (Tor Browser is not related to us) *!* To restore all your PCs and get your network working again, follow these instructions: - Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. It doesn't matter, who are trying to do this, either it will be your IT guys or a recovery agency. Please follow these simple rules to avoid data corruption: - Do not modify, rename or delete files. Any attempts to modify, decrypt or rename the files will lead to its fatal corruption. - Do not hire a recovery company. They can't decrypt without the key. They also don't care about your business. They believe that they are good negotiators, but it is not. They usually fail. So speak for yourself. Waiting you in a chat.

URLs

https://aazsbsgya565vlu2c6bzy6yfiebkcbtvvcytvolt33s77xypi7nypxyd.onion/

Targets

- Target
  
  83fc7095a91dc016bdbd965ae09182ea1d1a5b287cbfa4b0f3a58754336c8c33
- Size
  
  831KB
- MD5
  
  426d0d1f8599f94566fbf7c83263e9e1
- SHA1
  
  df1c7a2b6e79b4739b35dfae7f6294d26365fe28
- SHA256
  
  83fc7095a91dc016bdbd965ae09182ea1d1a5b287cbfa4b0f3a58754336c8c33
- SHA512
  
  771a9ba38897ec7d3c147c84c1b75aa24419a9d961bc6ddede981742f3a2f2fea56ec4862781d438775c0cd591da3551f0adfd4532a8b49e90e96fccb3debeb1
- SSDEEP
  
  24576:Pp90IpCQl3HlHI+9tgPH3UcJvexeQRRoDr:h90gl3H1tgPH3NJveUQRRoDr
Score

10^/10

ransomware spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

10^/10

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2