General

  • Target

    18dfcf81046272e08f6ef3230df83008cb78eb30cda341c59ceb33c5be542d85

  • Size

    210KB

  • Sample

    240101-p96vvsbdap

  • MD5

    bad78e11371381ce9e1d703aac2821e5

  • SHA1

    76ad0abaf1c99c741352a16e5b2f71fb38fed0e4

  • SHA256

    18dfcf81046272e08f6ef3230df83008cb78eb30cda341c59ceb33c5be542d85

  • SHA512

    8bccc4535dd97b483f10eda69f91a17e794b122215bb2e926a114ec46e8935ab0a1e5e1cb0b6fa3b6bb0a5a6d1b669a87579850197af4a0c33b3bb57a7f00b25

  • SSDEEP

    6144:GkLC3bs28lcwgzKSZ0A2vwi0Fvexsc/fAvXB5Dwu4:FLI8lcwe/aYi+veec/fYku4

Malware Config

Extracted

Path

C:\MSOCache\!_HOW_RECOVERY_FILES_!.txt

Ransom Note

>>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<
HELLO, DEAR FRIEND!
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: [email protected] And in subject write your ID: ID-2a943b0d84 We send you full instruction how to decrypt all your files. If we do not respond within 24 hours, write to the email: [email protected]
3. [ FREE DECRYPTION! ]
Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.)
>>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<

Extracted

Path

C:\odt\!_HOW_RECOVERY_FILES_!.txt

Ransom Note

>>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<
HELLO, DEAR FRIEND!
1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ]
Your files are NOT damaged! Your files are modified only. This modification is reversible. The only 1 way to decrypt your files is to receive the decryption program.
2. [ HOW TO RECOVERY FILES? ]
To receive the decryption program write to email: [email protected] And in subject write your ID: ID-af1e3f1d9b We send you full instruction how to decrypt all your files. If we do not respond within 24 hours, write to the email: [email protected]
3. [ FREE DECRYPTION! ]
Free decryption as guarantee. We guarantee the receipt of the decryption program after payment. To believe, you can give us up to 3 files that we decrypt for free. Files should not be important to you! (databases, backups, large excel sheets, etc.)
>>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<
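The two notes above are worth reading side by side: the same file name is dropped in two directories, but each copy carries a different victim ID. The following Python is an added example for turning such extracted notes into triage fields; it is not part of the sandbox report and not code from the malware. It works on excerpts of the two note bodies as they appear on this page (the e-mail addresses show up here only as "[email protected]", a redaction of the page, so they are not parsed), and it assumes the ID is a hyphenated run of 8 to 16 lowercase hex digits, which is what the two observed values look like.

```python
import re
from pathlib import PureWindowsPath

# Note file name as reported under "Malware Config" above.
NOTE_FILENAME = "!_HOW_RECOVERY_FILES_!.txt"

# Excerpts of the two notes, keyed by the drop path the report lists. The
# e-mail addresses appear on the page only as "[email protected]" (redacted by
# the page, not by this example), so the parser does not try to read them.
NOTES = {
    r"C:\MSOCache\!_HOW_RECOVERY_FILES_!.txt": (
        ">>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<< "
        "HELLO, DEAR FRIEND! 1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ] "
        "2. [ HOW TO RECOVERY FILES? ] To receive the decryption program write to "
        "email: [email protected] And in subject write your ID: ID-2a943b0d84 "
        "3. [ FREE DECRYPTION! ] To believe, you can give us up to 3 files that we "
        "decrypt for free. "
        ">>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<"
    ),
    r"C:\odt\!_HOW_RECOVERY_FILES_!.txt": (
        ">>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<< "
        "HELLO, DEAR FRIEND! 1. [ ALL YOUR FILES HAVE BEEN ENCRYPTED! ] "
        "2. [ HOW TO RECOVERY FILES? ] To receive the decryption program write to "
        "email: [email protected] And in subject write your ID: ID-af1e3f1d9b "
        "3. [ FREE DECRYPTION! ] To believe, you can give us up to 3 files that we "
        "decrypt for free. "
        ">>>>>>>>>>>>>>>>>>>>>>>>>>>> NOT_OPEN LOCKER <<<<<<<<<<<<<<<<<<<<<<<<<<<<"
    ),
}

# Family marker sits between the ">>>" and "<<<" banners.
BANNER_RE = re.compile(r">{3,}\s*(.+?)\s*<{3,}")
# Assumption: the victim ID is "ID-" plus 8-16 lowercase hex digits (both
# observed values are 10 hex digits).
VICTIM_ID_RE = re.compile(r"\bID-([0-9a-f]{8,16})\b")
FREE_FILES_RE = re.compile(r"up to (\d+) files", re.IGNORECASE)


def parse_note(text: str) -> dict:
    """Extract the family marker, victim ID and free-decryption offer from one note body."""
    banner = BANNER_RE.search(text)
    victim = VICTIM_ID_RE.search(text)
    free = FREE_FILES_RE.search(text)
    return {
        "family_marker": banner.group(1) if banner else None,
        "victim_id": victim.group(1) if victim else None,
        "free_decrypt_files": int(free.group(1)) if free else 0,
    }


def is_note_path(path: str) -> bool:
    """Match a dropped file by name only; the directory varies (MSOCache, odt, ...)."""
    return PureWindowsPath(path).name == NOTE_FILENAME


def distinct_victim_ids(notes: dict) -> set:
    """Set of distinct IDs across all notes from one run."""
    return {parse_note(body)["victim_id"] for body in notes.values()} - {None}


if __name__ == "__main__":
    for path, body in NOTES.items():
        print(path, "->", parse_note(body))
    print("distinct victim IDs in this run:", distinct_victim_ids(NOTES))
```

Because one run produced two different IDs, the ID string is not a stable per-host identifier and should not be used on its own to correlate infections; the note file name and the family marker are the reusable indicators here.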

Targets

    • Target

      18dfcf81046272e08f6ef3230df83008cb78eb30cda341c59ceb33c5be542d85

    • Size

      210KB

    • MD5

      bad78e11371381ce9e1d703aac2821e5

    • SHA1

      76ad0abaf1c99c741352a16e5b2f71fb38fed0e4

    • SHA256

      18dfcf81046272e08f6ef3230df83008cb78eb30cda341c59ceb33c5be542d85

    • SHA512

      8bccc4535dd97b483f10eda69f91a17e794b122215bb2e926a114ec46e8935ab0a1e5e1cb0b6fa3b6bb0a5a6d1b669a87579850197af4a0c33b3bb57a7f00b25

    • SSDEEP

      6144:GkLC3bs28lcwgzKSZ0A2vwi0Fvexsc/fAvXB5Dwu4:FLI8lcwe/aYi+veec/fYku4

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (9452) files with added filename extension

      This suggests ransomware activity: files across the system are being encrypted and renamed with an extra extension.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX.

    • Drops desktop.ini file(s)

    • Target

      out.upx

    • Size

      518KB

    • MD5

      0b9fd6e3bf95f1608645fbffa9df8570

    • SHA1

      0231675484946c27f3fea6a0e9994e505ba598a6

    • SHA256

      9b521b229eda91ad472146584bd6f857f8dc1af214b6d74ea56402c723757923

    • SHA512

      d321b414055ab46088f7cfd5d4757296d0cb8252514fb892377b2cf5e059a5a4ee0199b7e6a0f8c9d021740a6d912a68e09fd6b7173828fcafea0647cc8e5051

    • SSDEEP

      12288:rBi6X4QeWEK+OeO+OeNhBBhhBBXP8FpaqLp39KO/ChXEegDQm8D+yhIlS:r4QePmLpx2XngB8D+BlS

    Score
    3/10
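The two strongest signatures above, shadow copy deletion and a burst of extension-appending renames, are what a detection engineer would want to catch on a live host. The following Python is an added example of that logic, not part of the sandbox report and not derived from the sample; the report does not show the sample's actual command line or the extension it appends, so the command-line patterns are the commonly abused Windows recovery-removal commands and the ".locked" extension in the constructed telemetry is a placeholder. The event records are constructed for the demo and are not the sandbox's events.

```python
import re
from collections import defaultdict

# Command lines commonly used to destroy Volume Shadow Copies or disable
# Windows recovery. These cover the behaviour behind the "Deletes shadow
# copies" signature; the report above does not show the sample's own
# command line, so nothing here is a claim about this specific sample.
SHADOW_KILL_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(", re.I),
    re.compile(r"bcdedit(\.exe)?.*recoveryenabled\s+no", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I),
]


def is_shadow_copy_deletion(cmdline: str) -> bool:
    """True for a command line that removes shadow copies or recovery data."""
    return any(p.search(cmdline) for p in SHADOW_KILL_PATTERNS)


def is_extension_append(old: str, new: str) -> bool:
    """True when the new path is the old path plus one extra extension, the
    rename shape behind "Renames multiple files with added filename extension"."""
    return new.startswith(old + ".") and len(new) > len(old) + 1


def rename_bursts(events, threshold=100, window=10.0):
    """Map pid -> peak number of extension-appending renames inside any
    `window`-second span, for pids whose peak reaches `threshold`."""
    times_by_pid = defaultdict(list)
    for e in events:
        if e["type"] == "rename" and is_extension_append(e["old"], e["new"]):
            times_by_pid[e["pid"]].append(e["ts"])
    hits = {}
    for pid, times in times_by_pid.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):  # sliding window over sorted timestamps
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            hits[pid] = peak
    return hits


def triage(events):
    """Run both detectors and report parents that trip both (the ransomware
    process itself, not the vssadmin.exe child it spawns)."""
    killers = []
    for e in events:
        if e["type"] == "process_create" and is_shadow_copy_deletion(e["cmdline"]):
            if e["ppid"] not in killers:
                killers.append(e["ppid"])
    bursts = rename_bursts(events)
    return {
        "shadow_copy_deletion": killers,
        "rename_bursts": bursts,
        "correlated": [pid for pid in killers if pid in bursts],
    }


def build_sample_events():
    """Constructed telemetry (not from the sandbox run above): one process
    appends a placeholder ".locked" extension to 150 user files in under five
    seconds and then spawns vssadmin to wipe shadow copies, beside benign use."""
    events = [
        {"ts": 99.0, "pid": 801, "ppid": 800, "type": "process_create",
         "cmdline": "vssadmin.exe list shadows"},  # benign: listing, not deleting
        {"ts": 99.5, "pid": 800, "type": "rename",
         "old": r"C:\Users\u\report.tmp", "new": r"C:\Users\u\report.docx"},
    ]
    for i in range(150):
        old = rf"C:\Users\u\Documents\doc{i}.docx"
        events.append({"ts": 100.0 + i * 0.03, "pid": 4120, "type": "rename",
                       "old": old, "new": old + ".locked"})
    events.append({"ts": 105.0, "pid": 5008, "ppid": 4120, "type": "process_create",
                   "cmdline": "vssadmin.exe delete shadows /all /quiet"})
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The rename counter keys on the shape of the rename (old name plus one more extension) rather than on a known extension, so it still fires when the family changes its suffix; the shadow-copy detector attributes the hit to the parent process so that both signals land on the same pid.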

MITRE ATT&CK Enterprise v15

Tasks