52420eb3e32aa15b0c58d0a681b45acf124e0a79fc73c8e32222027eeceaf1b8

General

Target

10680059491.zip
Size

143KB
Sample

230606-rwtdqaef8x
MD5

1aed85b6fc2ef3f4ca900969049ac42b
SHA1

5196e6a37bd7d271a4e6bc2e75baed1bb74137d3
SHA256

52420eb3e32aa15b0c58d0a681b45acf124e0a79fc73c8e32222027eeceaf1b8
SHA512

3b1c0647320c6edf7b849d9ac6b3f15b19b8d6cd4bfeaf69dc70c364f913b4665832d2c80453513096f757f65fe8da9b2cd100f75e3f527f60506b11404137af
SSDEEP

3072:Ea8BF1EKTiNMLT7ErhXEdau5isUBG/P4KlLl8DYpBinxZCARnO:relT+MLahIdYGoG8DmUrCARO

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Readme.1352FF327.txt

Ransom Note

~~~ DarkRace ransomware ~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://wkrlpub5k52rjigwxfm6m7ogid55kamgc5azxlq7zjgaopv33tgx2sqd.onion >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. You can install qtox to contanct us online https://tox.chat/download.html Tox ID Contact: ************************ Mail (OnionMail) Support: [email protected] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

Emails

[email protected]

URLs

http://wkrlpub5k52rjigwxfm6m7ogid55kamgc5azxlq7zjgaopv33tgx2sqd.onion

https://tox.chat/download.html

Targets

- Target
  
  0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4
- Size
  
  255KB
- MD5
  
  1933fed76a030529b141d032c0620117
- SHA1
  
  c55c60a23f5110e0b45fc02a09c4a64d3094809a
- SHA256
  
  0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4
- SHA512
  
  b153383ebd9919ff293896381d89a895c58985eef60f67803a4276026631184f4d85c19e9ea06351efb7230226b18ed9a17b533fb602e10ded518a7bd090dcfe
- SSDEEP
  
  3072:iBWxT8JtvyAuX3CGun8r8206BretpJwIiymE9xTRVhGT4z106OKclYQO565tgPYs:iBxrKA4CGu8V0tl9zVhM49OxlYQ8fD3
Score

10^/10

ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (113) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Renames multiple (152) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
behavioral1 behavioral2