Overview

overview

10

Static

static

10

ee24110ddb...a3.dll

windows7-x64

10

ee24110ddb...a3.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ee24110ddb4121b31561f86692650b63215a93fb2357b2bd3301fabc419290a3.dll

  • Size

    3.6MB

  • MD5

    37155f0bca29ccd6b6d4f5b2bc42eb4d

  • SHA1

    998f5e133484d7b9186b82b2c96a0f6bfdf3f394

  • SHA256

    ee24110ddb4121b31561f86692650b63215a93fb2357b2bd3301fabc419290a3

  • SHA512

    a71694509ec161fd03e5c38ab61f48fa73547402efbf637ae058ad235d77e3f85973131fdabde34f33b94502f5ab7e1b20f4564d0e73d6544ef4659288877652

  • SSDEEP

    98304:wZgC/TFBEKgU3fp9qupTBzCkyZQwFwPD+8th5Gf:wZgCTDgU3fp9RpTBCkyZYUf

Score
10/10
agenda

Malware Config

Extracted

Family

agenda

Attributes
  • company_id

    QTduEqZI6Q

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: QTduEqZI6Q Domain: p3q5g2qsq4tglsbyhlghzutwr75uyz47ozasrserev7kann5h7qedxid.onion login: BYxo9FGIiH58sNWWzh967d5fQexHPomf password:

rsa_pubkey.plain

Signatures

  • Agenda family
    agenda
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • ee24110ddb4121b31561f86692650b63215a93fb2357b2bd3301fabc419290a3.dll
    .dll windows:4 windows x86 arch:x86

    15390616e614eec01aad923da301a7f8


    Headers

    Imports

    Exports

    Sections