Resubmissions

  • 17/04/2023, 16:21    230417-ttwr6sfb36    7

  • 14/04/2023, 19:45    230414-ygh3rsbe55    10

  • 14/04/2023, 17:37    230414-v7abrsah44    10

  • 13/04/2023, 18:52    230413-xjg3tade34    10

  • 21/03/2023, 18:12    230321-ws9zhsed3y    7

  • 21/03/2023, 18:04    230321-wnvzsscd27    10

  • 21/03/2023, 18:03    230321-wm54daec91    7

General

  • Target

    host.zip

  • Size

    208KB

  • Sample

    230413-xjg3tade34

  • MD5

    53ce3a5d1987f019f63a0679a2f25bce

  • SHA1

    1db064653e30ca5e82d122bdc4782dac9e941fbb

  • SHA256

    6d95cc3e22440072584093590b2f419891cfbf817c8bf92bb382af39c9abb0b3

  • SHA512

    b068af426806471a85e755fe46afe311935917be2e4a43c8410ef468a5fd1fdbb698877fbd63aededb0d616cbaa992a0a63eda265df081fe4f0edf4c77904ee7

  • SSDEEP

    6144:jW1Qq2GiU6Uc3EAQon8H+zVx/WnqFTC88u+jh:j9RPU6UwX8H2/bOPu+

Malware Config

Extracted

  • Path

    C:\Users\Admin\Documents\BB_Readme_TN9C6FQY.txt

  • Ransom Note

    [ASCII-art banner]

    All your files have been encrypted, your confidential data has been stolen,
    in order to decrypt files and avoid leakage, you must follow our steps.

    1) Download and install TOR Browser from this site: https://torproject.org/

    2) Paste the URL in TOR Browser and you will be redirected to our chat with all information that you need.

    3) If you read this message thats means your files already for sell in our Auction.
       Everyday of delaying will cause higer price. after 4 days if you wont connect us,
       We will remove your chat access and you will lose your chance to get decrypted.

    Warning! Communication with us occurs only through this link, or through our mail on our Auction.
    We also strongly DO NOT recommend using third-party tools to decrypt files,
    as this will simply kill them completely without the possibility of recovery.
    I repeat, in this case, no one can help you!

    Your URL: http://a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id.onion:81/04627c46c06cdb26c7194498a6c7e4b07aeae2c0d31657c56d681eb133bfa4e4

    Your Key to access the chat: ^u9Ctu1vAG%4LOuSF5D|+m5p{bT{Kpvjcc}S^a4mLM6[4g|}(i

    Find our Auction here (TOR Browser): http://jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad.onion/

URLs

http://a2dbso6dijaqsmut36r6y4nps4cwivmfog5bpzf6uojovce6f3gl36id.onion:81/04627c46c06cdb26c7194498a6c7e4b07aeae2c0d31657c56d681eb133bfa4e4

http://jbeg2dct2zhku6c2vwnpxtm2psnjo2xnqvvpoiiwr5hxnc6wrp3uhnad.onion/

Targets

    • Target

      host.exe

    • Size

      215KB

    • MD5

      a487c7f8523ac40b5a633d5d885e8d47

    • SHA1

      990a762a0a80da13e716653d9ee1b7f5dc1a0172

    • SHA256

      796531b6bc24d389750d5db0dc3596456b7f050d3bac280f31563ae362e9f120

    • SHA512

      a289b31edcd2850041da6623766d923c30917ea56026b40a288f11a345c25dd00a24e3b5712a59077beea88c9cbc72da5ef9ac61aae6a8e3818e6d1c6819083d

    • SSDEEP

      6144:JqQo2GcU6qc3EAQsnqHSz5x5WnqFPC88uu6o:1nfU6qw/qH85baPuu

    • Windows security bypass

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6