General

  • Target

    3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.zip

  • Size

    99KB

  • Sample

    230321-rwvxjsdb2t

  • MD5

    dbe2d0024b682727158b43e3eb1d4232

  • SHA1

    bad4f13c80e654ebd19d95d62991f4f03d3a6197

  • SHA256

    7b175152471f7bb28ed7b5bdee8015e329ba0847cc8ca9e7c8bfef180e3fdd72

  • SHA512

    219a8c148413b3b713d5e9b86d2b8d7febbcd241509f34ba9856ecc37fda3e9eac9681d9f1ffaeae91cd1324039546ea9493c0525f9cd700476940e996febd2c

  • SSDEEP

    3072:FbzGt964NE6vu2H9IRaCzksKppgJgZKxiTrMUQB:oa4Bvui9cKppWgZ/5QB

Malware Config

Extracted

Path

C:\cHpfiXA9s.README.txt

Ransom Note
~~~ XeqtR Ransomeware The world's fastest ransomware ~~~ >>>> Your data is now stolen and encrypted, pleaes read the following carefully, as it is in your best interest. We are sorry to inform you that a Ransomware Virus has taken control of your computer. ALL of your important files and folders on your computer have been encrypted with a military grade encryption algorithm. Your documents, videos, images and every other forms of data are now inaccessible and completely locked, and cannot be unlocked without the sole decryption key, in which we are the ONLY ones in possession of this key. This key is currently being stored on a remote server. To acquire this key and have all files restored, transfer the amount of 500 USD in the cryptocurrency BITCOIN to the below specified bitcoin wallet address before the time runs out. Once you have read this you now have 36 hours until your files are lost forever. If you fail to take action within this time window, the decryption key will be destroyed and access to your files will be permanently lost. If you are not familiar with cryptocurrency and bitcoin, just do a google search, visit bitcoin.org, go on your mobile to Cash App, or pretty much just ask someone and most likely they can explain it. Once again, 500 USD in the form of Bitcoin to this wallet address bc1q8wqyacjzzvrn57d2g7aj35lnr5r8fqv0dn0394 The second you have sent the bitcoin and the transaction verifies another text file will appear on your desktop with the website to get your key, and the simple instructions on how to use it to get your files back. 36 hours starts now, we suggest you do not waste time. For any reason you should need customer service, email [email protected]

Targets

    • Target

      3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1.exe

    • Size

      153KB

    • MD5

      35560fff8fc990948a9252bf20cfc8f5

    • SHA1

      66163cb283c8792ac32c0e2361adc7143d8d319d

    • SHA256

      3e04fe9f427717ca17142603b46c5264fb42621048719721ffa4926c8e9bb6f1

    • SHA512

      9bf7b5aeec71b74012fa36d2af4dc4704e859a564cfbf3b35e44b1af8195a9885292c22a9297b691903c3245a6fae85746590988706e6a4d5dab29937ac13d77

    • SSDEEP

      3072:j6glyuxE4GsUPnliByocWepvdHFdjFpZ/fgyVF0djk:j6gDBGpvEByocWetdHZ/fgKF0

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger class detaches a thread from any attached debugger, a common anti-analysis technique.
