maze

General

Target

3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363.bin
Size

453KB
Sample

240224-kgpzesef47
MD5

248c960c1ae54103dea5bfae924f28e2
SHA1

504ce8efee0f7f8329c09c6d045a21c795a84b42
SHA256

3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363
SHA512

5b3dd4be33c48cedda5b9270a6454540e837e9611db4d43b35e7290ff7e25dd3b5c0342de6de38f12e8c7d5f291c62ef026236825134d1181e7ba5bdf8103464
SSDEEP

6144:/P2vVfY9RbTrI5Tm6oUAcEtKY/e8lmceEoAE77OvaHhdRwc9/P2wdAn7gJRKKRqX:aVw9prIVpb3F8ltQlBwc9/P2l7gT6

Score

10^/10

Malware Config

Extracted

Path

F:\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">mgHc6Nc/csOi8hxrRq/qQ+L2XVA0u6BYdV2T/xVSTMyLg0HYCZjN+5Is1jwcW3HDERSVmJYN9ODcEsAbSGODFgX8w3ZLYaCWgul9Da880DxMV2MbwXWU+8sSZppPHl6qKgrEgnxiOKEczI43M/sWLoT56OLGVXJyykfCDPFLjpHAfE3Ly3cSoKnVEkWkjeiGsy6s7k6zSj1dFvXAqQzwX6x5v1b1o0GZtN1hn7Th/QG4T7K49AxoJ1dChaWWC3nWTEW2o5NSw5BY/+9CfQ8CBHNSESy5BznhYDdWRpTVuZ92/muIAisKB3qBb4olDT4VJ0ZBM93ZDatzeza3ugDLr/cio2ZEumykTJYLdHK9ECpZYsrrH0EI9+l01dibg8dyj6qJaOHBzpdcMKdEfwlPOBHB5NE1wUpYaPY2OwDbjsMUdvjFLtyNa1lGBhFBTZeIjNh/ersh/NhUDjrYoduf0miUCO4ZPrWeE/9/BvflrzMUuoDTpx8Ex4yezt+t2Pqf2NOQzBfvzPAurC7c0Ud+ZM5bgi7B6fLKLmppC8c4BpSLfgoIufSa6BKwz5yRsLsa78Cgo2L0ClD2jKyhndC12X59KbwSJcOdN3W4pV7gEm7+YCsHtoiYTw9nKohDY6dsf2wgOp3b4LGTBOre2Uf4wOnyjpoiSEGk58s0cbeJiDEQ8ryPoDNTEMB+NPXKdE2/L0wBWxeGVoVNQZ8CepmjNka4CaKI/HABVGJsoOkqNZaRFPTCIW6fIMIrYSUdmRmiU/e5j/CQgktbNJLD/jND9hkhs053tzasmDUBm0S6vvqriwi+TWKk43+wvLRfYzObsV4EV+++LPpExsMbBWqlt89XNvRoyLXDxMhnFtQoW3XJBta3iglmbOiiHKuA7Qxj/5A/eCDEocP/tWu4jVhg8s5NXEICHBBHDiYiqfRp49UoJnDzdxO2jzF4eZNvvF87tev2kv9okvXUT9cR6IcPENB06nm3XQFrEey5lVsCHkYgAYo+UX2Xxv1Mn880ReiL5IbA/V3/PzDm2S82ukh6tjlEqT1oz3sV4a88P9woITEcc3AlfkrB8xxXm3TJl0OThZ5ZY9xt7lzLRY/JflwICiX4m86Ytq4Lmw15ySO14HmIWPKssUhUBg4OccTo6GmcJSNg1GLhgTpGbScxVgK2tDPCOBZWYt2VG2sHowPRBgczb6ygUdlKR6A86o2tlDYGRjNLuzxAhNHBkpSjPWBP3QbBEMFeMQ3Un2KQ/iBvq3sGP+przxiXitUDw4DGWliC7RtBXKPAxSuOwfKNOdTr3Gy2lj2VWVkzWyqPicmm9NS7rAS2blg5sMeWuQyZzt+lLv2WK6g0A8xmF2lCaBdZZiskLVSqvE4V6LNIai2qQCwdP1MLNgKweEydJKGbxKZ3c25Ey4GjAFNBLguLzNVUAgsJDX/bYztld4Z8jl1+2K2cX9F+Ofb/8+8c4MWFghHmAifUYetAxzZGivPizp8cGzkhaqoSMedWdtU9MyuMsspDoRpoww1/3PR8PGBSKqYSmdcEXwNgOSOxLtuwVW13oDX3VLUhGwl4BrEZVASDyWrrI03tKPRIkx+6GM2ruYuO4FoSvjqCFrVEyhPZHbPbSgVWkeTFetgSNhpBqWHm5Km3x/yjy1Fz1kpnUHA4GHS7H3/Gq4+jpVt7659OH6aapPk4X1iDPUe0aGzRPWAC7oQxrBEUchA7kXT45kzMEoBhCGDxLjeGBbidbSlmp98lrggLtAKTc5Kfyc0SfmSC9MrLq8Uoqr/2f1OyjtzeNzUrUfcWwaJItyqjikPSC43aIuJdJeI9g3KRS5Ve7Yw8JdoIUdXfbYNeMVneBnYsGr4Pi1i4bdHlD0QmFy6iPpAzFPq2f03Louaew0yvPOWNi889FsdrS5Z7V36nOA9MPAiLrJWVhuohbXKeGCqdeoTQdNmc63Wf/NxtzPnAQae5+VbUxTKGZTg0+NzrmGLpT/oVG469grpu2Wt3f6hzceQEi2zXieVyIYAcaG/GHUHy6WyKG2PSGkMgIfVwzKAw9xNKnbQhkLzowAoe0TXR7GFUq6C6dolJvqPOchmISN6CaT9TpRUwPkssQIhEQChqlY7bfFvdJEAwIwFnIOST0r1P63wu7ZbrTOmjLWsIGjrGqVE2yiLCp1ytChyOWegClBhV3grnjxU10+QpOUEDcCmLKxU8QBqp10c6aHg3w4Vk+C0M+y4dNXYSPTG+UlG+S2sg+OmUBgoiOAA3ADcAOAAwADkAOQAyADYAYQBkADEANgBhADEAOQAAABCAYBoMQQBkAG0AaQBuAAAAIhJCAEkAUwBNAEkAWgBIAFgAAAAqDG4AbwBuAGUAfAAAADImVwBpAG4AZABvAHcAcwAgADcAIABVAGwAdABpAG0AYQB0AGUAAABCVnwAQwBfAEYAXwAyADAANAA4ADYALwAyADQAMQAzADYAMQB8AEQAXwBVAF8AMAAvADAAfABGAF8ARgBfADIAMAAzADgAOQAvADIAMAA0ADcAOQB8AAAASABQQFiJCGCJCGiJCHDa3th7eAGAAQGKAQgwLjkub2ZmbA==<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Extracted

Path

C:\odt\DECRYPT-FILES.html

Ransom Note

<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 <br>00000 00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> <p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip">x79wzuuDYFmxPDfNtH+5DpgMKJZfwpNz0TLV0gMvRFUGrO44OThXI0P9p/VV6f36cjBgwzy5eRUQkpysh1tZstk6F1zZgEnjjZcVWIW/EcLu+XALWuA9hgMFN/Zvk7dVTVBKLQe3CNgoMwRqY5ojDEpEH5F3QSBpXtfPZiOH2PcsxUi+XBGsBYjMawW2lhG1csLTrnRsWY3WEWEUtykcFdI5dSbyf4shOKs4ZMaufw7V4utktO0fWLEcnf/ciEPLGuPrsm2y2UcVnIE8ZkAGi1LDK74jfyo3/qS7KSVcS4lg0D+WydGpxpdCbtd5BzNwAQBdeH5KiapwxUbK0I8fNbCorGpcEzYKhY8gBRF63PmogEbaSLxxSa9Er8iWvIbBg4MtQHIw3grJkf5UJPVPPEBXwOZU+YyWz9iMopnLrfYtLJsOTVJl8pzeTqzsJ8x3MiclsDHSPCWSihjRmtBH5V9iS3+HwBdab+jj3ZcnHXbX7Gt30Xj1FckESW51QLv7MuIoZQ9BM6lNYHe+EuZC+JoHUjW3Trp0hL0iUGKObshaQSNbVgQRpB9yPL2t52mtgW0cnfXYmbgS0LHMVlY8IgqOR5tRlfEVP7XeMZQPWcwXCdB5NV1UmFWUHCBu6ToyQOAOsmj3nlWES4Hsmmukf7uSqoM19qOI1Tl/e1QpRBr6we5Hs4+yE5BmJU1vd0sBraMzvlGdVKoNzCIzP46ZiMZY9A8UvtzH0qKd0StQuuYzxQ1HwB5YzdvbLY/ZVOvgPmemERgs3Y+k6aorFtE0hDRj+Hlppg6FLALbsvDsAuCD6x/nxh7QOcvTqlHZBaR9tpO5SOJdh2a7UjQpqJcL+E4HXAGVuH5chlF0dbn4cXNcsdmnadHGNpFTZqcBp5wSKqPKp4qQ9UZIpOFJB5Z8S9DPQKLC24s7240cZL29cj9n6NHKklzpVr28Y/tlq1BEFTq/AykipRahcBFCS0/3nYXNWqWpamBzO6VYWBhIsyWDwjBymKtFaG6MKGDeSpjf+3c1Najs59GxOqCUEklhbc4XNGwrRyPIdWym75/KjKevTPckOuFYiUnihTTku5MaNn4X/5RZohsJwP8KzcXb1ZTJLm5bmvO2WtVu9xoulIqQKxZ5LrRZ388c5Yb5S/osIQB6jIcfxxNDEmwqUs71IYCwIhG2y1aupFXgS7bLJqBfQL+PwtATOO83V5UWofGY3iCpw+vQc5E4bS2FC2NVYjAOiCd9LzhaEoOMVJ97sKzmpl6StUM2lXwifVLCnWlOFJozpCFMXgFUth+jtQVr8ofIvdfsSOnEV+xWsGz5acVTHztyyYRGAgKlndl0v5VVwgdPuFgvaZMaMYslHmbyjydcH+dVV3sYr1SYCy39xlbID3IKtiWfo+DSrdgJsLR0rsMTqWMAOV58QJiR3Jl+4oUPVJVvm2UpW3houpk0fcPM1dBHKpx1wjANF7LTgP4a4/DHCPUmoS+pNNRvsINE0ycjSmWY5sp9fr5bqblQlMwd6q7JypVUXoMbv3OfdRt9LHwDczK15YGU9EtrumJb6q6PeQFOL6xLSHwiRmRPVEV0ErhAp5svl3fE/3PqGgRR7WEVchWdK4ARU7OKGxJlDnk2OIezuz/L80B70hn3timq0VX0mLE5Mu1vbL0LKFJEOMPwMHDFaagVvuB3dBGHggnD8d2WXxSDbX7x9/rV0g1ITHv9d7PyV1FoE7DBCFKJ2kY/Xrx9/nHnsg2YAmZnG9UOW4d7O6fBmsy49/gDtK5ur28NbZJhSoxVMUh0yh4XrqEwGELNuboDZfZCRWhtQp5saV/qN9vsZf1di+pc5MKrCO7ujprQmoq69AEUD5JU36VDwtUSv8C6Kig+NybrwpDcmTU66wGRjXUX/1K8QyhA48RxMuW5uh3H0TiPpCrjrxSQmIcMWzhC5YVKBJDbVjowAYGgq12NLUDzMvQp4SkTuce2PomRXT4daQHISTgd3nS4xSmq49CsJM4jWfFZ/2+K5WWYh6nR5sSrhzrR8E1XJ3pfueRHpEF6qi9WN84XWHlPjA+Ijf8FCyk3fn7PvaIB2t+MwMEjNSSiRBg5W1r6Zx38coj6kO5lWIx5tCOOZXFn4Z/hbptasEGE83g8uVjmC1jnyBOKxk0JJ6veCHeWFrKm+8TVWbB7+3RN/mVhgMooeEwsu59/p7FYbFYaaNM5Z3nlurK2dst/gXX2wtNDw1j1pyT3A/1PYB9VWiY5C/P1EAoiOAA2ADgAMAAwADkANgA3ADQAMgA2ADcAYgA2ADkAOQAAABCAYBoMQQBkAG0AaQBuAAAAIhJBAEQASgBWAEsARgBHAEYAAAAqDG4AbwBuAGUAfAAAADIsVwBpAG4AZABvAHcAcwAgADEAMAAgAEUAbgB0AGUAcgBwAHIAaQBzAGUAAABCVnwAQwBfAEYAXwAyADAANAA3ADkALwAyADQAMQAzADYAMQB8AEQAXwBVAF8AMAAvADAAfABGAF8ARgBfADIAMAA0ADIAMQAvADIAMAA0ADcAOQB8AAAASABQQFiJCGCJCGiJCHCh6d9yeAGAAQGKAQgwLjkub2ZmbA==<span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00<br>00000 00000 0 00</span></td></tr></table></body></html>

Emails

<b>[email protected]</b>

Targets

- Target
  
  3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363.bin
- Size
  
  453KB
- MD5
  
  248c960c1ae54103dea5bfae924f28e2
- SHA1
  
  504ce8efee0f7f8329c09c6d045a21c795a84b42
- SHA256
  
  3885589a3c94d0475a6d994e4644e682f4cff93f8b4d65f37508ffe706861363
- SHA512
  
  5b3dd4be33c48cedda5b9270a6454540e837e9611db4d43b35e7290ff7e25dd3b5c0342de6de38f12e8c7d5f291c62ef026236825134d1181e7ba5bdf8103464
- SSDEEP
  
  6144:/P2vVfY9RbTrI5Tm6oUAcEtKY/e8lmceEoAE77OvaHhdRwc9/P2wdAn7gJRKKRqX:aVw9prIVpb3F8ltQlBwc9/P2l7gT6
Score

10^/10

maze ransomware spyware stealer trojan
- Maze
  Ransomware family also known as ChaCha.
  trojan ransomware maze
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2