Resubmissions

22-02-2024 11:51

240222-n1a66agf8t 10

15-01-2024 10:30

240115-mjzmrafbc2 10

15-01-2024 10:22

240115-meastseabm 10

26-12-2023 04:42

231226-fb3acafcdq 10

General

  • Target

    21ab6e4cfe7a17c6fca334c920cd73dbbfac79ce881403b540c8001ae1aae010

  • Size

    4.0MB

  • Sample

    240222-n1a66agf8t

  • MD5

    390b8c1bf2838bff01edcf34f9420990

  • SHA1

    8a28ec5aeaf8e96b0d72115b589bc38eb153b3b1

  • SHA256

    21ab6e4cfe7a17c6fca334c920cd73dbbfac79ce881403b540c8001ae1aae010

  • SHA512

    3838a35dade4f16f07f7f5e384c868038b1abd5b03589563df6f6dbf63a1b33e270f81f97daea1231d4f1139fd44ddc6788b90ab558ebd3ca1c14df843b320a2

  • SSDEEP

    98304:OytVc8V5odJBN4SIQLp468SI/JTpjaYDQ7toz/ngwa:OCO8EJBN4SJLp4b7VWYDQ7toz/Za

Score
10/10

Malware Config

Extracted

Family

agenda

Attributes
  • company_id

    Y4aYnqmoKD

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: Y4aYnqmoKD Domain: mc3lcg4lqmwcrk34geaqokyjyhvjeh2alsiklpgnaqe25466isopv3id.onion login: R5ZHFB-RiA_94UGXxYDObv6Xriy7JCxb password:

rsa_pubkey.plain

Targets

    • Target

      21ab6e4cfe7a17c6fca334c920cd73dbbfac79ce881403b540c8001ae1aae010

    • Size

      4.0MB

    • MD5

      390b8c1bf2838bff01edcf34f9420990

    • SHA1

      8a28ec5aeaf8e96b0d72115b589bc38eb153b3b1

    • SHA256

      21ab6e4cfe7a17c6fca334c920cd73dbbfac79ce881403b540c8001ae1aae010

    • SHA512

      3838a35dade4f16f07f7f5e384c868038b1abd5b03589563df6f6dbf63a1b33e270f81f97daea1231d4f1139fd44ddc6788b90ab558ebd3ca1c14df843b320a2

    • SSDEEP

      98304:OytVc8V5odJBN4SIQLp468SI/JTpjaYDQ7toz/ngwa:OCO8EJBN4SJLp4b7VWYDQ7toz/Za

    Score
    10/10
    • Agenda Ransomware

      A ransomware with multiple variants written in Golang and Rust first seen in August 2022.

MITRE ATT&CK Matrix

Tasks