c333a0afa8f9c38ff61d3618d8d3c7749e88cbba269c3345706898224da679dd

General

Target

tzw_2.exe
Size

106KB
Sample

230206-1ef7habb9x
MD5

f1ab4f5cbf5fc72c4033699edadc4622
SHA1

858f3f7f656397fcf43ac5ea13d6d4cbe7a5ca11
SHA256

c333a0afa8f9c38ff61d3618d8d3c7749e88cbba269c3345706898224da679dd
SHA512

e4df529da677f28ce5e44d6756f11d3ea35a4170b1a55e745e8a1e971c136c8d2723d485a4776873a085e9e7efdd5ea6d4360ef75a358984aab0160af7393202
SSDEEP

3072:2SXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1M:vHpVCf/mxeBuARij7b8

Score

10^/10

Malware Config

Extracted

Path

\??\M:\Boot\cs-CZ\ReadMe.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71DYTOJDYT 5. and open ticket ---------------------------------------------------------------------------------------- Alternate communication channel here: https://yip.su/2QstD5

URLs

http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71DYTOJDYT

https://yip.su/2QstD5

Extracted

Path

\??\M:\Boot\bg-BG\ReadMe.txt

Ransom Note

Attention! All your files, documents, photos, databases and other important files are encrypted The only method of recovering files is to purchase an unique decryptor. Only we can give you this decryptor and only we can recover your files. The server with your decryptor is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- 1. Download Tor browser - https://www.torproject.org/ 2. Install Tor browser 3. Open Tor Browser 4. Open link in TOR browser: http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71LNOQHTVW 5. and open ticket ---------------------------------------------------------------------------------------- Alternate communication channel here: https://yip.su/2QstD5

URLs

http://tzw7ckhurmxgcpajx6gy57dkrysl2sigfrt6nk4a3rvedfldigtor7ad.onion/?71LNOQHTVW

https://yip.su/2QstD5

Targets

- Target
  
  tzw_2.exe
- Size
  
  106KB
- MD5
  
  f1ab4f5cbf5fc72c4033699edadc4622
- SHA1
  
  858f3f7f656397fcf43ac5ea13d6d4cbe7a5ca11
- SHA256
  
  c333a0afa8f9c38ff61d3618d8d3c7749e88cbba269c3345706898224da679dd
- SHA512
  
  e4df529da677f28ce5e44d6756f11d3ea35a4170b1a55e745e8a1e971c136c8d2723d485a4776873a085e9e7efdd5ea6d4360ef75a358984aab0160af7393202
- SSDEEP
  
  3072:2SXsZZXQm4BbJpVIYbQf91G3im/2Ef07JysgIXvjLg2InA5xNyeyvDhORuARBy1M:vHpVCf/mxeBuARij7b8
Score

10^/10

persistence ransomware spyware stealer
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2