6d3312e3992dc1244be5518718bb42558057f7ec59a50009892846acf58481d9

General

Target

tzw_1.exe
Size

106KB
Sample

230206-1ea1gsbb9v
MD5

341c316be98f624f7321d198c5345bc9
SHA1

d034880d1233d579854e17b6ffad67a18fb33923
SHA256

6d3312e3992dc1244be5518718bb42558057f7ec59a50009892846acf58481d9
SHA512

52458d639d66cc8f09e80bd958e01041c8a24c6d2448f0deaaf643ec5fc6902e4db9491897bc6cd836a766f74e60d5c1a2bd9457dba7a7cae047f0c757e3efa3
SSDEEP

3072:USXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1/:dHpVCf/mxeBuARO+7b8

Score

10^/10

Malware Config

Extracted

Path

\??\M:\Boot\cs-CZ\ReadMe.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YITDOYJT 5. and open ticket ---------------------------------------------------------------------------------------- Alternate communication channel here: https://yip.su/2QstD5

URLs

http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YITDOYJT

https://yip.su/2QstD5

Extracted

Path

C:\odt\ReadMe.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YABDFGIK 5. and open ticket ---------------------------------------------------------------------------------------- Alternate communication channel here: https://yip.su/2QstD5

URLs

http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?72YABDFGIK

https://yip.su/2QstD5

Targets

- Target
  
  tzw_1.exe
- Size
  
  106KB
- MD5
  
  341c316be98f624f7321d198c5345bc9
- SHA1
  
  d034880d1233d579854e17b6ffad67a18fb33923
- SHA256
  
  6d3312e3992dc1244be5518718bb42558057f7ec59a50009892846acf58481d9
- SHA512
  
  52458d639d66cc8f09e80bd958e01041c8a24c6d2448f0deaaf643ec5fc6902e4db9491897bc6cd836a766f74e60d5c1a2bd9457dba7a7cae047f0c757e3efa3
- SSDEEP
  
  3072:USXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1/:dHpVCf/mxeBuARO+7b8
Score

10^/10

persistence ransomware spyware stealer
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2