General

  • Target

    3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d_unpacked_174

  • Size

    102KB

  • Sample

    240206-sbekhaheh4

  • MD5

    96a157e4c0bef22e0cea1299f88d4745

  • SHA1

    446771415864f4916df33aad1aa7e42fa104adee

  • SHA256

    3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d

  • SHA512

    697071bac6f86ea1b0421306dbc87e926973f061b8eff4608f9a98ada622fe2bdcd45a180591792dd14de54a0b87301ae02f0a3a222e93eb412b340ccc990377

  • SSDEEP

    3072:Gb+XoBHJ3RYjgggwgggwgggwgggwgggZQuYoL/:GDaoL

Malware Config

Extracted

Path

/tmp/systemd-private-7dd88a1d77a3408180e00d171f971053-fwupd.service-yCDzJY/tmp/qoxaq-readme.txt

Ransom Note
---=== Welcome. Again. ===--- [+] Whats Happen? [+] Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension qoxaq. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER). [+] What guarantees? [+] Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practise - time is much more valuable than money. [+] How to get access on website? [+] You have two ways: 1) [Recommended] Using a TOR browser! a) Download and install TOR browser from this site: https://torproject.org/ b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5A8FA0CD5A8FA0CD 2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this: a) Open your any browser (Chrome, Firefox, Opera, IE, Edge) b) Open our secondary website: http://decoder.re/5A8FA0CD5A8FA0CD Warning: secondary website can be blocked, thats why first variant much better and more available. When you open our website, put the following data in the input form: Key: 2MC1xgEfy9/lwPYRKkH4jq2NB3DFXFjElb7OOEb+axnb90Oq9vQVkkYXI169QWX4sPngsgHWwmYo0P8Ie+nG8jnw+6n7TUTnFYkruk0V+T7LWKohXzAK0jmd6nXg8kqx/WTjmMqAt0e1w0qTO2R9ZEGsMdmNdKB7ITq9rBwkBpb6M1N7JfYfFzLpGusSDk1VbJMP2MQjUevuXOuw8cIazZ8kxxLt+v0r/0Rds2wJDadkD3VOK5dWB/GSGeldx21QoRKdW3BBs28o3ns/E2Sgjp1GxaW89ezB1ttf9nVaNagMMJofZbn8zE++SoL1kUnudgTLWwJ0WpShdxL9gIb48ZVEg2k7KeGVWwhudSCuKDat4qWdq4eAU07OnUHG08xCqPaqQf5+f57VDW+ELTYkWEuYuU9yfel7Cr0LMKrTXqoLrTBnSRwh5c9eyt9FDu775PrcEza85N4RIJgjOSSLilBWXyomk/d6y6yT7svnQ8ZPU6mcsVLgnAy7aHyum9UyOwogGq5Kl2PdaSuKsw== ----------------------------------------------------------------------------------------- !!! DANGER !!! DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damge of the private key and, as result, The Loss all data. !!! !!! !!! ONE MORE TIME: Its in your interests to get your files back. From our side, we (the best specialists) make everything for restoring, but please should not interfere. !!! !!! !!!
URLs

http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/5A8FA0CD5A8FA0CD

http://decoder.re/5A8FA0CD5A8FA0CD

Targets

    • Target

      3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d_unpacked_174

    • Size

      102KB

    • MD5

      96a157e4c0bef22e0cea1299f88d4745

    • SHA1

      446771415864f4916df33aad1aa7e42fa104adee

    • SHA256

      3d375d0ead2b63168de86ca2649360d9dcff75b3e0ffa2cf1e50816ec92b3b7d

    • SHA512

      697071bac6f86ea1b0421306dbc87e926973f061b8eff4608f9a98ada622fe2bdcd45a180591792dd14de54a0b87301ae02f0a3a222e93eb412b340ccc990377

    • SSDEEP

      3072:Gb+XoBHJ3RYjgggwgggwgggwgggwgggZQuYoL/:GDaoL

    Score
    10/10
    • Manipulates ESXi

      Manipulates ESXi.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads CPU attributes

MITRE ATT&CK Enterprise v15

Tasks