9774f63515c11079e85bc0923e2b9f9941885942944035e019f5c293a2a47f14

General

Target

9774f63515c11079e85bc0923e2b9f9941885942944035e019f5c293a2a47f14
Size

375KB
Sample

231011-hvmp4sah48
MD5

eb73501e7e8d45203ad9beabf5e7ef19
SHA1

d679d4669fcc25a66969b3d7f4d708e695c9d8e3
SHA256

9774f63515c11079e85bc0923e2b9f9941885942944035e019f5c293a2a47f14
SHA512

dd91e015476910197211fde77765cf00dc83761ce42dd93dec506b3c6b0f579c9c9b6860f9c26939ba4c3e64942a1fdaf445a8c0b5391ea070a77cc3802638d4
SSDEEP

6144:RLAb0+lDAA8VbMO1ICxkiIr9LUjqH7E46FW4NcMc2U08/cIwhJMTV:RLIdAAuLls9UjMQJS

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\Message.txt

Ransom Note

contact: [email protected] I) French Version : Vos fichiers importants vidéos, musiques, images,documents …etc sont cryptés avec chiffrement. RSA-2048 et AES-128.Décrypter vos fichiers est uniquement possible à l'aide d'une clé privée et un . programme de décryptage Qui se trouvent sur mon serveur secret Pour décrypter vos fichiers, veuillez suivre les instructions suivantes : 1) Achetez des bitcoins de 300 €, euros ( 0.05 btc ) 2) Envoyez les bitcoins à cette adresse : votre adresse de bitcoin 3) lorsque je reçois les bitcoins , je décrypte vos fichiers contact: [email protected] II) English Version : Your important files videos, music, images, documents ... etc are encrypted with encryption. RSA-2048 and AES-128.Decrypting your files is only possible using a private key and a. decryption program that are on my secret server To decrypt your files, please follow the instructions below : 1) Buy bitcoins from 300 €, euros (0.05 btc) 2) Send bitcoins to this address : your bitcoin address 3) when I receive bitcoins, I decrypt your files

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Music\Message.txt

Ransom Note

contact: [email protected] I) French Version : Vos fichiers importants vidéos, musiques, images,documents …etc sont cryptés avec chiffrement. RSA-2048 et AES-128.Décrypter vos fichiers est uniquement possible à l'aide d'une clé privée et un . programme de décryptage Qui se trouvent sur mon serveur secret Pour décrypter vos fichiers, veuillez suivre les instructions suivantes : 1) Achetez des bitcoins de 300 €, euros ( 0.05 btc ) 2) Envoyez les bitcoins à cette adresse : votre adresse de bitcoin 3) lorsque je reçois les bitcoins , je décrypte vos fichiers contact: [email protected] II) English Version : Your important files videos, music, images, documents ... etc are encrypted with encryption. RSA-2048 and AES-128.Decrypting your files is only possible using a private key and a. decryption program that I will send you. To decrypt your files, please follow the instructions below : 1) Buy €bitcoins from 300 €, euros (0.05 btc) 2) Send bitcoins to this address : your bitcoin address 3) when I receive bitcoins, I decrypt your files

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Desktop\Message.txt

Ransom Note

Contact: [email protected] Your files videos, music, images, documents, etc., are locked and encrypted. Decrypting your files is only possible using a private key that we can e-mail you. To decrypt your files, please follow the instructions below : 1) Buy $25,000 (USD) in Bitcoin 2) Send bitcoins to this address : qpujxjjsrz9mhy95krjyec5ng0zvxruhlur044qsk9 3) Once we receive the bitcoin, we will respond within 2 hours with your quick and easy Decryption Key.

Emails

[email protected]

Targets

- Target
  
  9774f63515c11079e85bc0923e2b9f9941885942944035e019f5c293a2a47f14
- Size
  
  375KB
- MD5
  
  eb73501e7e8d45203ad9beabf5e7ef19
- SHA1
  
  d679d4669fcc25a66969b3d7f4d708e695c9d8e3
- SHA256
  
  9774f63515c11079e85bc0923e2b9f9941885942944035e019f5c293a2a47f14
- SHA512
  
  dd91e015476910197211fde77765cf00dc83761ce42dd93dec506b3c6b0f579c9c9b6860f9c26939ba4c3e64942a1fdaf445a8c0b5391ea070a77cc3802638d4
- SSDEEP
  
  6144:RLAb0+lDAA8VbMO1ICxkiIr9LUjqH7E46FW4NcMc2U08/cIwhJMTV:RLIdAAuLls9UjMQJS
Score

10^/10

ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Extracted

Targets

Checks computer location settings

Deletes itself

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2