Overview

overview

10

Static

static

3

0e60d49a96...a4.exe

windows7-x64

0e60d49a96...a4.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4

  • Size

    255KB

  • Sample

    240215-f5nztaae47

  • MD5

    1933fed76a030529b141d032c0620117

  • SHA1

    c55c60a23f5110e0b45fc02a09c4a64d3094809a

  • SHA256

    0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4

  • SHA512

    b153383ebd9919ff293896381d89a895c58985eef60f67803a4276026631184f4d85c19e9ea06351efb7230226b18ed9a17b533fb602e10ded518a7bd090dcfe

  • SSDEEP

    3072:iBWxT8JtvyAuX3CGun8r8206BretpJwIiymE9xTRVhGT4z106OKclYQO565tgPYs:iBxrKA4CGu8V0tl9zVhM49OxlYQ8fD3

Score
10/10
ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Readme.1352FF327.txt

Ransom Note
~~~ DarkRace ransomware ~~~ >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://wkrlpub5k52rjigwxfm6m7ogid55kamgc5azxlq7zjgaopv33tgx2sqd.onion >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. You can install qtox to contanct us online https://tox.chat/download.html Tox ID Contact: ************************ Mail (OnionMail) Support: [email protected] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
URLs

http://wkrlpub5k52rjigwxfm6m7ogid55kamgc5azxlq7zjgaopv33tgx2sqd.onion

https://tox.chat/download.html

Targets

    • Target

      0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4

    • Size

      255KB

    • MD5

      1933fed76a030529b141d032c0620117

    • SHA1

      c55c60a23f5110e0b45fc02a09c4a64d3094809a

    • SHA256

      0e60d49a967599fab179f8c885d91db25016be996d66a4e00cbb197e5085efa4

    • SHA512

      b153383ebd9919ff293896381d89a895c58985eef60f67803a4276026631184f4d85c19e9ea06351efb7230226b18ed9a17b533fb602e10ded518a7bd090dcfe

    • SSDEEP

      3072:iBWxT8JtvyAuX3CGun8r8206BretpJwIiymE9xTRVhGT4z106OKclYQO565tgPYs:iBxrKA4CGu8V0tl9zVhM49OxlYQ8fD3

    Score
    10/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Renames multiple (135) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks