General

  • Target

    green_x86.bin.zip

  • Size

    92KB

  • Sample

    230712-3c4wwseh69

  • MD5

    93af250401992aae063712818c19b588

  • SHA1

    f1dabd390931b6dac021a4171ba678f1fcb5ccf7

  • SHA256

    5f36522c45a90cfef0b9bfaf12ebbf89ec9e235cab642f994e6085c2595d6dc7

  • SHA512

    bd400c895122d470df98c1d4dbeb923115c738b2a02df6604c727e83b7abf14f29393ce6ac3bb087a0ea158a01884bf6558f5b44b48c4fbac3ad20326a5f62e3

  • SSDEEP

    1536:kCS3iipMQE0V0OEKo6jgTrB6drnNlyM6zLFxAZumgo+cLv5NMavFzBeQiJ7Xa9i9:kCSSiWd0PEK6B6dxeFxAZumvx5Nlv9iF

Malware Config

Extracted

Path

C:\rAFJZeQkr.README.txt

Ransom Note

----------- [ Hello! ] ------------->
What happend?
----------------------------------------------
Your computers and servers are encrypted, it is impossible to decrypt your data without a personal encryption key. You can buy a decryptor and a key from us, with which you can recover all the files. We will also inform you about the weaknesses in your network, which will help prevent similar incidents in the future.

Free decryption as guarantee
Before paying you can send us up to 3 files for free decryption. The total size of files must be less than 4Mb (non archived), and files should not contain valuable information(databases,backups, large excel sheets, etc.)

If you don't contact us within 3 days the cost of decryption will be 30 percent more than the initial price. And after 10 days the decryption keys will be permanently deleted and then even we can't help you. If you continue to ignore it for a long time, we will start to report the hack to the mainstream media and put your data on the dark web.

How to contact us?
----------------------------------------------
email: [email protected]
email2: [email protected]

Attention!
----------------------------------------------
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Targets

    • Target

      green_x86.bin

    • Size

      147KB

    • MD5

      30115f160eb4a2f91a649f1b7c94599d

    • SHA1

      66a01eeeebf786e3562d34195074a5caf81d2c35

    • SHA256

      238d05df779603163a11bbc75ad50b95f3fac0a107f1187f43756bcc94f283c5

    • SHA512

      82cc647b1d853354948d4ae379c0a7e5cf981ad27b6ee7cb609c674cb1ef8a79dc078bd746e56f427f8fc7576dfbf10bff3239d36bad394971575657711eecef

    • SSDEEP

      1536:XzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDyGAJKocBYOR5FTLu5VnH+RJJXo:oqJogYkcSNm9V7D/UKhhGPHWJZUT

    • Renames multiple (586) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and renaming them with a new extension.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive user information.

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v6

Tasks