General
Target: e3ed60d58e437387db50ab2700cd23e1e0ef74509ba53a283dc217b0a0dd07d9
Size: 4.8MB
Sample: 231113-kssjpabf7x
MD5: dbcc5b770e24a37c0750004be26e9578
SHA1: dc95433f6012e2c5277f9a5a7680233d9733f8d9
SHA256: e3ed60d58e437387db50ab2700cd23e1e0ef74509ba53a283dc217b0a0dd07d9
SHA512: cf1597c71343d6a2e6ccdb39ce454cd99d4d8d9f64acc182af703b1bb2d7aaa580eb8066c9b1ba9febe741bcf97c5cc2454f68e4224b0d91ef241501902045c2
SSDEEP: 98304:v7NUpgYXGYodb62cV0EbobFMs0yOzZZPj7NUpgYXGYodb62cV0EbobFMs0yOzQ:vpUpLXGB65iEcN0yOzrpUpLXGB65iEcB
Static task: static1

Behavioral task: behavioral1
  Sample: PSEXESVC.exe
  Resource: win7-20231020-en

Behavioral task: behavioral2
  Sample: PSEXESVC.exe
  Resource: win10v2004-20231025-en

Behavioral task: behavioral3
  Sample: forig.exe
  Resource: win7-20231023-en

Behavioral task: behavioral4
  Sample: forig.exe
  Resource: win10v2004-20231020-en

Behavioral task: behavioral5
  Sample: win.exe
  Resource: win7-20231023-en

Behavioral task: behavioral6
  Sample: win.exe
  Resource: win10v2004-20231023-en
Malware Config
Extracted: agenda
company_id: QTduEqZI6Q
note:
-- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: QTduEqZI6Q Domain: p3q5g2qsq4tglsbyhlghzutwr75uyz47ozasrserev7kann5h7qedxid.onion login: BYxo9FGIiH58sNWWzh967d5fQexHPomf password:
Targets

Target: PSEXESVC.exe
Size: 189KB
MD5: 44118d8fb41634b3d8d8b1c6fdf9c421
SHA1: 2c27a865b3ab1f0bd2ea1e8f7298b5ef9348c5ac
SHA256: cc14df781475ef0f3f2c441d03a622ea67cd86967526f8758ead6f45174db78e
SHA512: ab62931669555dc1daf63f73f4d57a6d9bfc94dc087d859f7719648bad48d1626f9760f1b8cd7f76340943d8d69df1734bb657ca2b83855686792182809b07b4
SSDEEP: 3072:iR+zpegrEiHunfFqNmIWhn01GGXqw7Wnh5rebFHh9aohhx0dUFyMLooZ3/3yqp/5:o+zpegrEiHuf+mZhn01N7Wnh5rebL9/9
Score: 1/10

Target: forig.exe
Size: 3.9MB
MD5: 27916b78420727104e04815ae0ebb666
SHA1: afea3b311863e6b785a7f610c97665da46c504a7
SHA256: da88906ae89d1323e6c314e2f5b9c4aed73b930fb989aa94ba2f2efcb4c6543c
SHA512: 9fbbccda0cc63d989adcba07b03d369b3dd8483216b6431c02f976a02dab86802ee434b954dddc2df076ac2bdf13ddc66fb2d92b3f8a7f539be802b6091e4b80
SSDEEP: 49152:r4XomcoDCT9Vv8+n6/7aWBRogspm541YzoI1DK+GCzJ573cj/ja8Rhe901MxZOp8:rAodT9VE+n6/73BegsSOI1DKFCvLib7
Score: 10/10
Detection: Agenda Ransomware
A ransomware with multiple variants written in Golang and Rust first seen in August 2022.

Target: win.exe
Size: 3.9MB
MD5: 27916b78420727104e04815ae0ebb666
SHA1: afea3b311863e6b785a7f610c97665da46c504a7
SHA256: da88906ae89d1323e6c314e2f5b9c4aed73b930fb989aa94ba2f2efcb4c6543c
SHA512: 9fbbccda0cc63d989adcba07b03d369b3dd8483216b6431c02f976a02dab86802ee434b954dddc2df076ac2bdf13ddc66fb2d92b3f8a7f539be802b6091e4b80
SSDEEP: 49152:r4XomcoDCT9Vv8+n6/7aWBRogspm541YzoI1DK+GCzJ573cj/ja8Rhe901MxZOp8:rAodT9VE+n6/73BegsSOI1DKFCvLib7
Score: 10/10
Detection: Agenda Ransomware
A ransomware with multiple variants written in Golang and Rust first seen in August 2022.