Overview

overview

10

Static

static

10

c26ce932f3...40.dll

windows7-x64

10

c26ce932f3...40.dll

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    88bb86494cb9411a9692f9c8e67ed32c.bin

  • Size

    1.5MB

  • MD5

    2a56a902fdadb7a00f4d2cac5244e770

  • SHA1

    2b0be03fd665f9e18d9417d3d2c380924983ea3e

  • SHA256

    015405133c1e9f760733d3d447d490b24f65c01e1bb9238f35c9fc98456a81bf

  • SHA512

    98c12caeb465215f0caca0db9a2cc9536ff50ec0b1827ab538f98bbf7db63e8ea08e1acb7772125c209c475bc258ef0903ce770992203b9db4b064f857d18c56

  • SSDEEP

    24576:YoB9OBC+yksZTyly9aI1HbdF574D9gJWN+TKIB2d6D88fmfTJtAi/xxmPQfECyW:N9Oxykssi75EDZN+TKIB2Y88+zAZSLyW

Score
10/10
agenda

Malware Config

Extracted

Family

agenda

Attributes
  • company_id

    feGDg5BHWw

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: feGDg5BHWw Domain: e3v6tjarcltwc4hdkn6fxnpkzq42ul7swf5cfqw6jzvic4577vxsxhid.onion login: _RgxgvCfv_3rQI5oinfr9gj5JS6_AGP7 password:

rsa_pubkey.plain

Signatures

  • Agenda family
    agenda
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • 88bb86494cb9411a9692f9c8e67ed32c.bin
    .zip

    Password: infected

  • c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    f846e17badb830abe49083e4c5bb1447


    Headers

    Imports

    Exports

    Sections