targetcompany

General

Target

local.exe
Size

125KB
Sample

230606-2cbpnsfh92
MD5

98c7f6b6ddf6a01adb25457e9a3c52b8
SHA1

8fe68e8675b53c801ed110e635e9a9e3d66c9d4d
SHA256

de4c8cc850c5b70212aded154ec4f2ec0836b340397b0b912a0f1434d141a5c6
SHA512

1393e9fcdf844f3c350b961e5bf2669c1739a09009746774cdbbabf6eee28f32d0782524fc57e0b7080eb57183ab38bc8bd83273dff02c67b9b4ba029fb7af67
SSDEEP

3072:BA1LW6KAqdcKNzXjQopiuL5dmTPFtkFeZ5NlGj:BSRKAccKNzNpxL5dWPLJhg

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Music\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: HSTMD3LS0T All files on network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://hye34tlszbt562z34d4k36eia2vq5tnhhd3mimrt5n5cdovbqnan3myd.onion/contact * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.�

URLs

http://hye34tlszbt562z34d4k36eia2vq5tnhhd3mimrt5n5cdovbqnan3myd.onion/contact

Targets

- Target
  
  local.exe
- Size
  
  125KB
- MD5
  
  98c7f6b6ddf6a01adb25457e9a3c52b8
- SHA1
  
  8fe68e8675b53c801ed110e635e9a9e3d66c9d4d
- SHA256
  
  de4c8cc850c5b70212aded154ec4f2ec0836b340397b0b912a0f1434d141a5c6
- SHA512
  
  1393e9fcdf844f3c350b961e5bf2669c1739a09009746774cdbbabf6eee28f32d0782524fc57e0b7080eb57183ab38bc8bd83273dff02c67b9b4ba029fb7af67
- SSDEEP
  
  3072:BA1LW6KAqdcKNzXjQopiuL5dmTPFtkFeZ5NlGj:BSRKAccKNzNpxL5dWPLJhg
Score

10^/10

targetcompany evasion ransomware
- TargetCompany
  Ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (6824) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (6857) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2