General

  • Target

    d65fa9ed1220cfa12d22239ca62a4b5978bb613090fc1dcb0cccdf191151d125.exe

  • Size

    351KB

  • Sample

    230919-pr1k5aba64

  • MD5

    391370b48b8f64f86c628742b03de53a

  • SHA1

    0c4ef4daef2458ae999d2d3bf3ee837491369a25

  • SHA256

    d65fa9ed1220cfa12d22239ca62a4b5978bb613090fc1dcb0cccdf191151d125

  • SHA512

    62527b56eb597c1a177f154793f0734ed3e54df7dfd36e619f07a44cee2e22190920fbd15d34a5c8fcdd54853cbad95a797c6fbadc0f5f19ddf25b13945b4adf

  • SSDEEP

    6144:nNlHAp8tUArLrLrLfMemq5MmsCdKSXZ/cJlCJ6AWJE9V50DErTNg/ydlb4fQ6wFL:G4DmGw6yDKNg6dNoQl+v

Malware Config

  • Extracted path

    F:\$RECYCLE.BIN\DECRYPT-FILES.html

  • Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> 
<p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">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<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00</span></td></tr></table></body></html>
Targets

    • Maze

      Ransomware family also known as ChaCha.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Sets desktop wallpaper using registry
