512587a73cd03c6324ade468689510472c6b9e54074f3cf115aa54393b14f037

Sharing

Copy URL

Twitter E-mail

General

Target

512587a73cd03c6324ade468689510472c6b9e54074f3cf115aa54393b14f037.exe
Size

160KB
Sample

230214-prc5tsdc84
MD5

152355ae53f89b83d40983afa3d9726b
SHA1

8c11109da1d7b9d3e0e173fd24eb4b7462073174
SHA256

512587a73cd03c6324ade468689510472c6b9e54074f3cf115aa54393b14f037
SHA512

f40a3720d2eed19a65cde2b6ae58e4592ff64df1f404924e2349a35190ac82a0d2a4f156e6c38683f0b894a9734c0ceb2cdd4feabb4570a688a8b8d415a9c2f9
SSDEEP

3072:TED2Kh981MM446KtP45ENVvGDGZuqPapy2RH7RDbZTC:Qq745eCoskuqcFDd

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt

Ransom Note

??? What happend??? !!! Your files are encrypted !!! *All your files are protected by strong encryption with RSA-2048.* *There is no public decryption software.* ###### Program and private key, What is the price? The price depends on how fast you can pay to us. 1 day : 40 Bitcoin 2 day : 60 Bitcoin 3 day : 90 Bitcoin 4 day : 130 Bitcoin 5 day : permanent data loss !!!! Btc Address: bc1qakuel0s4nyge9rxjylsqdxnn9nvyhc2z6k27gz *Free decryption As a guarantee, you can send us up to 3 free decrypted files before payment, include this file [c:\users\public\key].* email: fishA001@protonmail.com !!! Do not attempt to decrypt your data using third-party software, this may result in permanent data loss. !!! Our program can repair your computer in few minutes. 16��

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ErrorPage.html

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\LoadingPage.html

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\TestSharePage.html

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\ThirdPartyNotices.txt

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\dd_NDP472-KB4054530-x86-x64-AllOS-ENU_decompression_log.txt

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI16EC.txt

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\dd_vcredistUI1716.txt

Ransom Note

Emails

fishA001@protonmail.com

Extracted

Path

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yrilf55p.default-release\pkcs11.txt

Ransom Note

Emails

fishA001@protonmail.com

Targets

- Target
  
  512587a73cd03c6324ade468689510472c6b9e54074f3cf115aa54393b14f037.exe
- Size
  
  160KB
- MD5
  
  152355ae53f89b83d40983afa3d9726b
- SHA1
  
  8c11109da1d7b9d3e0e173fd24eb4b7462073174
- SHA256
  
  512587a73cd03c6324ade468689510472c6b9e54074f3cf115aa54393b14f037
- SHA512
  
  f40a3720d2eed19a65cde2b6ae58e4592ff64df1f404924e2349a35190ac82a0d2a4f156e6c38683f0b894a9734c0ceb2cdd4feabb4570a688a8b8d415a9c2f9
- SSDEEP
  
  3072:TED2Kh981MM446KtP45ENVvGDGZuqPapy2RH7RDbZTC:Qq745eCoskuqcFDd
Score

10^/10

persistence ransomware spyware stealer
- Modifies Installed Components in the registry
  persistence
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

10^/10

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Extracted

Targets

Modifies Installed Components in the registry

Drops startup file

Reads user/profile data of web browsers

Drops desktop.ini file(s)

Enumerates connected drives

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2