0b341939797aa4b9ed2f734a16ddc6fb3a4b11fddd98b5ced4e4fc1e54fa2f76

General

Target

0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.zip
Size

983KB
Sample

240213-zksl2sad89
MD5

fd75ea6206cf89da6b785648f1720f1f
SHA1

57cfd73d7a3b6448675d68fd8cfc6c3bd12e5e80
SHA256

0b341939797aa4b9ed2f734a16ddc6fb3a4b11fddd98b5ced4e4fc1e54fa2f76
SHA512

83c16aeac9181ad7f6ffe1f43f88098eac79feb32b14ce6fb121ddd301aa05b9108ec23f67b2aa219752fc767553a1e6c704e87749e64f3cafd70a46be3f94d1
SSDEEP

24576:VYwpslkcqY3sR1SuwmRBx253q57ulgju6eRZiUaKqFPN:m6kkUUHDHxY4uyC6JJN

Score

10^/10

evasion ransomware

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0018-0409-0000-0000000FF1CE}-C\README_TO_DECRYPT.txt

Ransom Note

Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you our software to decrypt and will guide you through the whole restoration of your network. We prefer Monero (XMR) - FIXED PRICE We accept Bitcoin (BTC) - 20% extra of total payment! ============================================================================================================================ WARNING! Do not rename encrypted data. Do not try to decrypt using third party software, it may cause permanent data loss not being able to recover. ============================================================================================================================ Contact information: In order to contact us, download with the following software: https://qtox.github.io or https://tox.chat/download.html Then just add us in TOX: D27A7B3711CD1442A8FAC19BB5780FF291101F6286A62AD21E5F7F08BD5F5F1B9803AAC6ECF9 ============================================================================================================================ Your personal id: 5253413d30613733346632663838396530363236373730623638653434363761613734633a363531383665386265356138303035653163646531663839383665653639306536633633383435373966626566366366333136306331653366653033333961323665303531643465613165653864613734666166376637336161636636323933653237393466633835373265313631326665323934343663376433366336353366643162313330616266616533653630616366393830353039333562313230663366656436396464623433303062623137373866313632643432306235633261663137383535386666396333333135646339393030616335643038376363656235383564666138313136353364663630653034616464663066316662323130623536393733313863363135346439353931373062303066633635323236303233653863303831323831643238303039656137353162303231326666646538343330306238666662313837316439313862336463313531356638343362616364613435306533633038353239363733316539383562323666616534663139363064366164666636353936666335653337376430326238633934626461363761386164386332633032636636396331383336326163663661393264393362316233316163643462363565636364313461663936356462383862333061653431326630366139316236336636653862633565363063643432323265356461623134643434366337383038363034373836356366636330396166363931386463663830653265396239353936336139333337653264333037363332643138643536356665623664623538346465613639653239323435313161613363643930633838666531646335653134313535333461636439356334303838373534353862323733383938623134373766316335623630346666616639336337623365373765313666333937313336613837623131366563666665313365323230623633356638313463303338396164373266666166366666646665366233373838306665613430623835656331313661646633386166373061626332356133623333306163336263383734383331363339376162366666373562626133633466656234636162303237363634343033386266303566303264616565383166626435313364346437346364313435366464636232643138616331623062323966643338653330323637393934356130613934316663326233646634316334346336346637643563336165306463346363326335393866336161313935336232613264633961656133623963373330306463613639643262393539353831653965373333353732643936313465616634373635383631333738323632653132613135656162363762373962326465356233623536306330623233363062353765633633303338346239613a33313334666462366436366435623934646634643535316231613839333462633662326631623338666461386635313163646163393039616331633234633465363162303762613635653934346333373637373165343130366261346331613461336232386334303334623538626134316261383964383563386665306436383731646363313735366236326539306536326335336132386639356665366339656339306239366337313135326435663363343230666131386232663037616662383736363734373162343335376233386631666333343331633861656133313333353030636262333562623863353466666563333538633564333764346633316466643464326163666232656430396262303031303564663663626634613132303562363665393237643235383461356538373038636662633033653834366238313033336638346366353432373632373132653437396166333531356462313934616634336238303031386264306332666165333065303231656363333932633763353036366630616664363966353166396330616566643138646365313133303165303663383463373038343566636161643636313034633230633763383939636462646664313331313432316364616239633061633765653536343063616363383332643131663866313834346139623337313561626237616264313434656464623665366335663036306266646662613365383832323439623337333136366338643164613762633238356531653137346232306638386265623734653131343866633532343330323933623364303735663731313466333562343465306339663161373134326566356535366239356339646532393764366231666262396235303539323261643932343066316330383866316637383662633934343030393164626536306664656139373366666562623863356662613133666434393561306638356135363662366533343730663464613165303430623331623336663765666634623765653335343266643034313838656461663038646266313638303739353361333562303233386132366138323837396135373563313638396334386639653662656438616133363733353439623130346435306261303534633839636264303163393361343735303837356434303130303464653035633739633737613266353739383032656434643333306430336166326266666330333063656462386334306462643733326262346662623264636230623432386565373638373634383536306533623532636237303933363031316163306634363262613736656639376666616639376532353035366633636331316536313332346462636439626563653139353934623537643461636438376230383662

URLs

https://qtox.github.io

https://tox.chat/download.html

Extracted

Path

C:\Program Files\Common Files\README_TO_DECRYPT.txt

Ransom Note

Your network has been compromised! All your important data has been encrypted! There is only one way to get your data back to normal: 1. Contact us as soon as possible to avoid damages and losses from your business. 2. Send to us any encrypted file of your choice and your personal key. 3. We will decrypt 1 file for test (maximum file size = 1 MB), its guaranteed that we can decrypt your files. 4. Pay the amount required in order to restore your network back to normal. 5. We will then send you our software to decrypt and will guide you through the whole restoration of your network. We prefer Monero (XMR) - FIXED PRICE We accept Bitcoin (BTC) - 20% extra of total payment! ============================================================================================================================ WARNING! Do not rename encrypted data. Do not try to decrypt using third party software, it may cause permanent data loss not being able to recover. ============================================================================================================================ Contact information: In order to contact us, download with the following software: https://qtox.github.io or https://tox.chat/download.html Then just add us in TOX: D27A7B3711CD1442A8FAC19BB5780FF291101F6286A62AD21E5F7F08BD5F5F1B9803AAC6ECF9 ============================================================================================================================ Your personal id: 5253413d30613733346632663838396530363236373730623638653434363761613734633a333936396164626339343537306634653537363238646138363435653966356235636635373363616466633362653137336338336238316633613231376132643034623163636238323832633966373665346335663330646339323132633863363262616536366639313262623264623264366138313236323036393434656130306237356465353238323538653266333539396538393439623965663233636633613230623964353638373862373630353366643339653761336239383561613534303465383736383461313165646663623331643131643630626630396561386663396465393332343464623232323837346163623363336332333633653732383937333034636636643163363136666536323731626161313663326337313933633262636339366335646235303737643735373063373966346264616538623638356337326436653037346136616366353364373638656435643535303736343537303265323139343830353066323433343061666236316466653335383337376237366663386630623735633031313932376266666239613534353863326565663462343738333365323533386335346164373931303262346163666236373936343162643565333064666434613633363036326465643866623238303961353364356538643862316161343362393539623239363865326366613830376337386434623066623832616137643762636161356134346264353461333234353231346163376165346363326366326165346266643930326131633538376163386433633435633765333031356332643039333830633339356634366437626264623237356462303536383439636130373539613730353361613561383431316133653563303431373138666537353762613666336264353835373437653439376465616636336336663065643563633661633531613935663432663664306237336364313763323034386533623936333161653630633063363734333935343265623734323433666261643430316261393964363830323832643564646666326665626238303532343330323439326465383132303966616530343331373366326537633039313831353231626139316434656263633361653135326436623162386162346566646139376434636230353533663036613862323230306233366539653337336331376635363166643934346663326631356338656362353562313035646665663264666635353664383064663366376237613334313734346138313834313533313233396531353438623338313434373161646161623132356135626663646338633832383535313039376263663636636432343337663732353361633532663630313235643431373134616437346230326231383a36303863376330623464633732663532366162303263353132396331623337653936316135366632316437353939653938343939353138313335386166653233333434366231633263393466383633613832333332616439363131303764343166613866646130326530303063393262363439383666323565376366363437626361616564396238613636663162303733633634613362326562363239663137313639666265666236396535373136306163336530623662623664643762383764383736336539646465373636336435326539643737316531353264363732373431326139656463376636663039373763313636353434643131663738663537313635666638326163393461643931346639333534656466363562376330646161653966323133643134323764323565666531313832616338376132666234326661353839396634333130386262663630636136303433313530346430353632316635633738313031396361643661623966303732306630646538653533333764346631323761653264613664376231393230383437313633363436616134383030376432346639376530333939316562306436646361626630373738303863646261663834313432633665646137383434663136316636663836666265386637363635623866666132343465636238323939633539396231313831353665633461383935323532376236363438306362383632396434373736643936343161313030643330316463636333633965326265326337333235373538363461353238393632303836353134386636326134376131633835643864333965343136666438373234396261343030336239333037646263633763653839666563396165623562323964346630623161343932633134636263333761653039646564383836656632663939646161353062373433343061623932666639663164376436336136626439623362653166613135643763626535366338323335323734336564633165313161666665666163653532653130633939336439316366333135333932306462393838363137343039346163393638376161343532366638343462333061663031363561396537363437353362333666353437303164333732373262663731353064613236643238316531653133303661623631613462613963336262616438626338353731306238333138346436313334346433313039333134613735646133653937663039336435373030303537376639353864353437623332343465656538633439643037643836386439393739333633333862316166316266653930656266313734663532626232666366363935646531363062306636623535616363363635386532353461306238323430633635383163383131366631

URLs

https://qtox.github.io

https://tox.chat/download.html

Targets

- Target
  
  0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985.exe
- Size
  
  2.2MB
- MD5
  
  0608c64c57dcc09246be00f0b2767e6e
- SHA1
  
  02642663bfc7be0c06051f4b01c9861102c71850
- SHA256
  
  0162641163a30a2edff787eeecc733ab1de46f03e213743dc768d39eb3075985
- SHA512
  
  1c61fa21fd94c58349e8c2713828fa807bf44a3a00054cd1a11ab46ec74df4f0be00db245f4cce844b72bf8181e6c636490726ddc4f9d6211469429429ddb138
- SSDEEP
  
  24576:Hle0XU/NWp6jCcuYTQn095MmQdg4M/YJFweQDfj0OL2wwU+T8nQl/skT9Fs1g0jv:HiG2ekwA1e7i49vZGqsCz9/47Evz1z1
Score

10^/10

evasion ransomware
- Clears Windows event logs
  evasion ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Renames multiple (174) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

3

T1070

File Deletion

2

T1070.004

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

2

T1490

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Clears Windows event logs

Deletes shadow copies

Renames multiple (174) files with added filename extension

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2