General

  • Target

    a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20

  • Size

    376KB

  • Sample

    230817-hqpc5sga46

  • MD5

    7775825b7abdaed99d1bc135393ed739

  • SHA1

    bd0b6fd129c333d6b90f8cf1026825e86b8224e3

  • SHA256

    a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20

  • SHA512

    0761a7ecd784537f11cb78c0a0225c2f1e8c2cfbd86850e46092dd4927fc05fdee9c9f1ca87500bfd6b20cebe7485fbb63cac4b58d4984e8377dbc75e5303e65

  • SSDEEP

    6144:/xbJ+lDAAqBVbMO1ICxkiIr9LUjqH7E46FW4NcMc2U08/cIwhJMTi0:/SdAAoLls9UjMQJs

Score
10/10
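
The digests above are the usual way this sample is matched on disk. The following is an added example (not part of the sandbox report): it hashes a file once with all four algorithms, compares the result with the published values, and walks a directory tree to report matching files. The file names, the temporary tree and the "constructed suspect bytes" payload used by the self-check are constructed for the example.

```python
"""Hash files and match them against the digests published for this sample.
Added example; not part of the sandbox report."""
import hashlib
import os
import tempfile

# Digests copied verbatim from the report above.
IOCS = {
    "md5": "7775825b7abdaed99d1bc135393ed739",
    "sha1": "bd0b6fd129c333d6b90f8cf1026825e86b8224e3",
    "sha256": "a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20",
    "sha512": "0761a7ecd784537f11cb78c0a0225c2f1e8c2cfbd86850e46092dd4927fc05fdee9c9f1ca87500bfd6b20cebe7485fbb63cac4b58d4984e8377dbc75e5303e65",
}


def hash_file(path, algorithms=tuple(IOCS), chunk_size=1 << 20):
    """Read the file once and return {algorithm: hexdigest} for every algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=IOCS):
    """Names (sorted) of the algorithms whose digest equals the published IOC."""
    return sorted(name for name, value in digests.items()
                  if iocs.get(name, "").lower() == value)


def scan_tree(root, iocs=IOCS):
    """Walk `root`; return [(path, [matched algorithms])] for files that match."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            try:
                matched = match_iocs(hash_file(path, tuple(iocs)), iocs)
            except (OSError, ValueError):  # unreadable file or unknown algorithm
                continue
            if matched:
                hits.append((path, matched))
    return hits


def digests_of_bytes(data):
    """Helper: hash an in-memory byte string through hash_file via a temp file."""
    with tempfile.NamedTemporaryFile(delete=False) as fh:
        fh.write(data)
        name = fh.name
    try:
        return hash_file(name)
    finally:
        os.unlink(name)


def scan_constructed_tree():
    """Self-check on a constructed tree of two files. Scans once with an IOC set
    holding the sha256 of one file (must hit) and once with the report's IOCs
    (must not hit: neither file is the sample). Returns (hit names, report hits)."""
    payload = b"constructed suspect bytes\n"  # constructed, not sample content
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "sub"))
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"quarterly report\n")
        with open(os.path.join(root, "sub", "dropper.bin"), "wb") as fh:
            fh.write(payload)
        demo_iocs = {"sha256": hashlib.sha256(payload).hexdigest()}
        names = [os.path.relpath(p, root).replace(os.sep, "/")
                 for p, _ in scan_tree(root, demo_iocs)]
        return names, scan_tree(root, IOCS)


if __name__ == "__main__":
    print(scan_constructed_tree())
```

Hashing in one pass matters on large shares; reading the file four times is the common mistake. A size pre-filter (the report lists 376KB) can skip most files before hashing, but use the exact byte count from the sample, not the rounded figure on the page.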

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Message.txt

Ransom Note
contact: [email protected]
I) French Version :
Vos fichiers importants vidéos, musiques, images, documents …etc sont cryptés avec chiffrement. RSA-2048 et AES-128.
Décrypter vos fichiers est uniquement possible à l'aide d'une clé privée et un . programme de décryptage Qui se trouvent sur mon serveur secret
Pour décrypter vos fichiers, veuillez suivre les instructions suivantes :
1) Achetez des bitcoins de 300 €, euros ( 0.05 btc )
2) Envoyez les bitcoins à cette adresse : votre adresse de bitcoin
3) lorsque je reçois les bitcoins , je décrypte vos fichiers
contact: [email protected]
II) English Version :
Your important files videos, music, images, documents ... etc are encrypted with encryption. RSA-2048 and AES-128.
Decrypting your files is only possible using a private key and a. decryption program that are on my secret server
To decrypt your files, please follow the instructions below :
1) Buy bitcoins from 300 €, euros (0.05 btc)
2) Send bitcoins to this address : your bitcoin address
3) when I receive bitcoins, I decrypt your files

Extracted

Path

C:\Users\Admin\Desktop\HOW TO RECOVER YOUR FILES.txt

Ransom Note
contact: [email protected]
contact: [email protected]
II) English Version :
Regrettably, your files have been encrypted with RSA-2048 and AES-128.
You may decrypt and recover your files by sending $300 in Bitcoin to this address: STILLNEEDADDY
Include your Bitcoin transaction I.D. in your e-mail.
We will reply within 2 (two) hours with your digital key and instructions for quickly recovering your files!
PLEASE NOTE: Should you decline this solution, your files will be permanently deleted, and published online with your personal information.

Targets

    • Target

      a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20

    • Size

      376KB

    • MD5

      7775825b7abdaed99d1bc135393ed739

    • SHA1

      bd0b6fd129c333d6b90f8cf1026825e86b8224e3

    • SHA256

      a928964f062125cc32863a361a0554939f391a2e54a614c9c20c441f638a2f20

    • SHA512

      0761a7ecd784537f11cb78c0a0225c2f1e8c2cfbd86850e46092dd4927fc05fdee9c9f1ca87500bfd6b20cebe7485fbb63cac4b58d4984e8377dbc75e5303e65

    • SSDEEP

      6144:/xbJ+lDAAqBVbMO1ICxkiIr9LUjqH7E46FW4NcMc2U08/cIwhJMTi0:/SdAAoLls9UjMQJs

    Score
    10/10
    • Renames multiple (58) files with added filename extension

      This is consistent with ransomware encrypting files across the system and appending an extension to each encrypted file.

    • Deletes itself

    • Drops file in System32 directory
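
The signatures above (mass renames that append an extension, self-deletion, a write into System32) and the two ransom-note paths from the Malware Config section can be turned into host-side detection logic. The following is an added example, not the sandbox's own signature code: it runs the checks over constructed file-event log lines in a made-up `ts|pid|op|path[|newpath]` format. The pid values, the `sample.exe` image path, the `placeholder.dll` name, the `.enc` extension (the report does not name the appended extension) and the rename threshold of 20 (the sandbox's threshold is not published; it counted 58) are all assumptions.

```python
"""Detection logic for the behaviours the sandbox flagged, run over constructed
file-event log lines. Added example; not the sandbox's own signature code."""
from collections import defaultdict

# File names taken from the two extracted ransom-note paths in the report.
RANSOM_NOTE_NAMES = {"how to recover your files.txt", "message.txt"}
# Phrases that appear in both extracted notes.
NOTE_MARKERS = ("rsa-2048", "aes-128", "bitcoin", "decrypt")
# Assumption: the sandbox's threshold is not published; the report counted 58.
RENAME_THRESHOLD = 20


def parse_event(line):
    """Parse one constructed event: ts|pid|op|path[|newpath]. Returns None if malformed."""
    fields = line.rstrip("\n").split("|")
    if len(fields) < 4:
        return None
    ts, pid, op, path = fields[:4]
    return {"ts": ts, "pid": int(pid), "op": op.upper(), "path": path,
            "new": fields[4] if len(fields) > 4 else None}


def added_extension(old, new):
    """Return ext when new == old + '.' + ext (stem untouched); otherwise None."""
    if new is None or not new.startswith(old + "."):
        return None
    ext = new[len(old) + 1:]
    if not ext or "\\" in ext or "/" in ext:
        return None
    return ext


def looks_like_ransom_note(text):
    """Content check for a dropped .txt: three or more marker phrases present."""
    t = text.lower()
    return sum(1 for m in NOTE_MARKERS if m in t) >= 3


def analyse(lines, images, threshold=RENAME_THRESHOLD):
    """Return {pid: [finding, ...]}. `images` maps pid -> image path of the process."""
    renames = defaultdict(lambda: defaultdict(int))  # pid -> ext -> count
    findings = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        pid, op, path = ev["pid"], ev["op"], ev["path"]
        if op == "RENAME":
            ext = added_extension(path, ev["new"])
            if ext:
                renames[pid][ext] += 1
        elif op == "CREATE":
            base = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
            if base in RANSOM_NOTE_NAMES:
                findings[pid].append(("ransom_note_dropped", path))
            if path.lower().startswith("c:\\windows\\system32\\"):
                findings[pid].append(("system32_write", path))
        elif op == "DELETE" and images.get(pid, "").lower() == path.lower():
            findings[pid].append(("self_delete", path))
    for pid, exts in renames.items():
        for ext, n in exts.items():
            if n >= threshold:
                findings[pid].append(("mass_rename_added_extension", ext, n))
    return dict(findings)


# Constructed sample log: pid 1234 plays the sample, pid 777 is a benign editor.
SAMPLE_IMAGES = {1234: "C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe"}
SAMPLE_LOG = []
for i in range(25):
    SAMPLE_LOG.append(
        ("2023-08-17T10:00:{0:02d}|1234|RENAME|C:\\Users\\Admin\\Documents\\doc{0}.docx"
         "|C:\\Users\\Admin\\Documents\\doc{0}.docx.enc").format(i))
SAMPLE_LOG += [
    "2023-08-17T10:00:59|1234|CREATE|C:\\Windows\\System32\\placeholder.dll",
    "2023-08-17T10:01:00|1234|CREATE|C:\\Users\\Admin\\Desktop\\HOW TO RECOVER YOUR FILES.txt",
    "2023-08-17T10:01:01|1234|CREATE|C:\\Users\\Admin\\Documents\\Message.txt",
    "2023-08-17T10:01:02|1234|DELETE|C:\\Users\\Admin\\AppData\\Local\\Temp\\sample.exe",
    "2023-08-17T10:01:03|777|RENAME|C:\\Users\\Admin\\draft.docx|C:\\Users\\Admin\\draft_v2.docx",
]

if __name__ == "__main__":
    for pid, items in analyse(SAMPLE_LOG, SAMPLE_IMAGES).items():
        for item in items:
            print(pid, *item)
```

`Message.txt` is a generic name, so on its own it is a weak indicator; pair the path match with `looks_like_ransom_note` on the file's content before alerting. The rename counter keys on the appended extension per process, which is what separates encryption from a user renaming one document.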

MITRE ATT&CK Enterprise v15