General

  • Target

    bf5f4d7b6ef1fdb903677e4ede04fb49952e08cee79822b9b53642bb5d1e6f02.exe

  • Size

    4.6MB

  • Sample

    230418-gqapbabf2w

  • MD5

    cfd31737ccacf6e9a0e2ac18cf3445ac

  • SHA1

    74c615ca54aaff3c5e6734efef04259290c357ba

  • SHA256

    bf5f4d7b6ef1fdb903677e4ede04fb49952e08cee79822b9b53642bb5d1e6f02

  • SHA512

    a2d1cae0864e66f92c10932df8dd5782ad47579404a6f9112d0e0f7287427fe56dc70aadf77baf8d9e5665cbc5eb26ee58ad9f401b0164cbf054a581c8bda98f

  • SSDEEP

    98304:OOTXCHbq9evuviwF+Mc42HfPt5Sqg9pkJ9:3LCHbqwvuvi40HN5Tgi9

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Hello! All your files are encrypted, write to me if you want to return your files - I can do it very quickly! Contact me by email: support911@cock.li or Xilttbg@Tutanota.com The subject line must contain an encryption extension or the name of your company! Do not rename encrypted files, you may lose them forever. You may be a victim of fraud. Free decryption as a guarantee. Send us up to 3 files for free decryption. The total file size should be no more than 1 MB! (not in the archive), and the files should not contain valuable information. (databases, backups, large Excel spreadsheets, etc.) !!! Do not turn off or restart the NAS equipment. This will lead to data loss !!!
Emails

support911@cock.li

Xilttbg@Tutanota.com

Targets

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                  ID      Count
  Defense Evasion     File Deletion              T1107   2
  Credential Access   Credentials in Files       T1081   1
  Collection          Data from Local System     T1005   1
  Impact              Inhibit System Recovery    T1490   2