General
-
Target
e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527.zip
-
Size
741KB
-
Sample
240115-mln9sseben
-
MD5
a7cd16a6c7b1cf2eebd351abff7e8b47
-
SHA1
803189d5b894a8d980abcd18dbda37fdc29b1758
-
SHA256
fca69729e8052caad11c59e1ec5b7671bb1898724b3a1316ad77c8e565c85795
-
SHA512
8ff49acfa683147d142249b77ca7d9e6f52d9b5bff6b5d451853e95773cc7dd866a84e50663a7292d84719b60e04126607d4a90120670e6f4ab945b57bb6a9a7
-
SSDEEP
12288:uFZ3BHVlg6uEw2SHdaB4obTueFDIblY7SvT5rVXG3Zbru6oI7RohfUw5kdEHhAR+:uFZNs6uEw2soHZFD4ldrV2p+9IV8Uw+Q
Behavioral task
behavioral1
Sample
e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527.exe
Resource
win10-20231215-en
Malware Config
Extracted
agenda
-
company_id
MmXReVIxLV
-
note
-- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreementyour data will be published. Data includes: - Employees personal dataCVsDLSSN. - Complete network map including credentials for local and remote services. - Financial information including clients databillsbudgetsannual reportsbank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials -- Credentials Extension: MmXReVIxLV Domain: ueegj65kwr3v3sjhli73gjtmfnh2uqlte3vyg2kkyqq7cja2yx2ptaad.onion login: 6f031ccd-526a-4806-82a8-2e7d926243d4 password:
Extracted
C:\Users\README-RECOVER-MmXReVIxLV.txt
agenda
http://ueegj65kwr3v3sjhli73gjtmfnh2uqlte3vyg2kkyqq7cja2yx2ptaad.onion
Targets
-
-
Target
e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527.exe
-
Size
1.6MB
-
MD5
6a93e618e467ed13f98819172e24fffa
-
SHA1
d34550ebc2bee47c708c8e048eb78881468e6bca
-
SHA256
e90bdaaf5f9ca900133b699f18e4062562148169b29cb4eb37a0577388c22527
-
SHA512
ac78fcd5ab3340fa691eb9941c729a58291ae58372ed8f535ae2a7ac23b99b0f57448343a020b4e889a7b7a822d116df32c8c5c14a4def0720987c2d6b966192
-
SSDEEP
24576:KBz37bSK2rgyik2VZGiOYnSadiUm6M551SaJkqFYUe3xHj96khwkyITnoXlIEvXX:Kx6Rvik2VUKnzhQ4akWXUy
Score10/10-
Agenda Ransomware
A ransomware with multiple variants written in Golang and Rust first seen in August 2022.
-
Renames multiple (152) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-