General

  • Target

    Buy Black Mass Volume II.hta_pw_infected (1).zip

  • Size

    10KB

  • MD5

    f97180d30ad774134384f77f4b7fcaf5

  • SHA1

    56175753c768bbad8083f360dd522417e8971670

  • SHA256

    1c7a09b57bea9eff43629d360acd07d1820004fea7e93b9b1a4b9c0ac40b0974

  • SHA512

    57b7ec9f2ba3019b74959de6dff765ca6d164a514ef6460a2a28d83eba03242d1b53e779035572be03df4b8859846337d25f42bac300000999e267953e21dad2

  • SSDEEP

    192:1KLNpzWphygKzZlxjBFiI/xYnPS4zJm2w1Z3iN83uMcL4JGziOjlMiT/:1KJpzsUgIlZr/YK4zJm2w1ZSue6JGW9a

Score
10/10

Malware Config

Extracted

Ransom Note
All your files have been encrypted!
All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected]
Write this ID in the title of your message 9E54833F-6666
In case of no answer in 24 hours write us to this twitter account: @vxunderground
You have to pay for decryption in malware. The amount depends on how fast you write to us. After submission we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before submitting you can send us up to 5 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.)
How to obtain malware
The easiest way to obtain malware is MalwareBazaar Database. You don't have to register. https://bazaar.abuse.ch/browse/
Also you can use MalShare: https://malshare.com/
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
The decryption password is definitely not "infected" so do not attempt.
URLs

https://bazaar.abuse.ch/browse/

https://malshare.com/

Signatures

Files

  • Buy Black Mass Volume II.hta_pw_infected (1).zip
    .zip

    Password: infected

  • 0x000500000001976a-29632
    .hta