General

  • Target

    936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12

  • Size

    3.4MB

  • Sample

    240203-vqjh4sgegn

  • MD5

    2934910d0947504c29a5c4cc438b1ad1

  • SHA1

    d65721473f8436968b252efe564ba8709a5d24cc

  • SHA256

    936565a7d3722051ea0477f886575304ce7abf0efc6fe8019f9a6ea11e85db12

  • SHA512

    07514bc98028923e53cc0a9c1fb385440948a1770e86dfb9a417fe0f7f96ddf218e0a7a0697c91fca9fbabb442ad3d55e808f5fc2825ef860519e831a22b12ae

  • SSDEEP

    24576:po/CW54IAnWrfdt2Zj1vpo4ajyKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKKQ:/IAWjdAp1PagjLuSh3i+FtvkMzT+

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\+README-WARNING+.txt

Ransom Note

::: Greetings :::

Little FAQ:

.1. Q: Whats Happen?
A: Your files have been encrypted. The file structure was not damaged, we did everything possible so that this could not happen.

.2. Q: How to recover files?
A: If you wish to decrypt your files you will need to pay us.

.3. Q: What about guarantees?
A: Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will cooperate with us. Its not in our interests. To check the ability of returning files, you can send to us any 2 files with SIMPLE extensions(jpg,xls,doc, etc... not databases!) and low sizes(max 1 mb), we will decrypt them and send back to you. That is our guarantee.

.4. Q: How to contact with you?
A: You can write us to our mailbox: Nergontr96@cyberfear.com

.5. Q: How will the decryption process proceed after payment?
A: After payment we will send to you our scanner-decoder program and detailed instructions for use. With this program you will be able to decrypt all your encrypted files.

.6. Q: If I don't want to pay bad people like you?
A: If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause only we have the private key. In practice - time is much more valuable than money.

:::BEWARE:::
DON'T try to change encrypted files by yourself! If you will try to use any third party software for restoring your data or antivirus solutions - please make a backup for all encrypted files! Any changes in encrypted files may entail damage of the private key and, as result, the loss all data.
Emails

Nergontr96@cyberfear.com

Targets


    Score
    10/10
    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (2906) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Drops file in System32 directory
