Overview

overview

10

Static

static

3

0adde4246a...ca.exe

windows7-x64

10

0adde4246a...ca.exe

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca.bin

  • Size

    224KB

  • Sample

    240307-xycfwace4y

  • MD5

    8a23347b733420472a1ec0a1eeada597

  • SHA1

    21eae7e488b145fa3618627da99c3234696c0f15

  • SHA256

    0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca

  • SHA512

    f667fe8d23482226241fd7a9cae66327a4bc2317ec01bffddb1243b936a44e0ec7a2a809f75e3e3cb02c3b9415df2401a6b2fe598251079472481114e0ce9b5e

  • SSDEEP

    3072:FnS2A9r4wpzL3syZUmMkZFfAQ2FUAElR8MRC3KevxEwYSidYj6zxe8pxU4iR:ZSFr4EzLvC1kP4Q7XlR8MRCXYZR5c/R

Score
10/10
ransomware

Malware Config

Extracted

Path

C:\Users\Admin\Documents\Readme.f58A66B51.txt

Ransom Note
!!! DoNex ransomware warning !!! >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom Links for Tor Browser: http://g3h3klsev3eiofxhykmtenmdpi67wzmaixredk5pjuttbx7okcfkftqd.onion >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment. >>>> You need contact us and decrypt one file for free on these TOR sites with your personal DECRYPTION ID Download and install TOR Browser https://www.torproject.org/ Write to a chat and wait for the answer, we will always answer you. You can install qtox to contanct us online https://tox.chat/download.html Tox ID Contact: 2793D009872AF80ED9B1A461F7B9BD6209744047DC1707A42CB622053716AD4BA624193606C9 Mail (OnionMail) Support: [email protected] >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
URLs

http://g3h3klsev3eiofxhykmtenmdpi67wzmaixredk5pjuttbx7okcfkftqd.onion

https://tox.chat/download.html

Targets

    • Target

      0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca.bin

    • Size

      224KB

    • MD5

      8a23347b733420472a1ec0a1eeada597

    • SHA1

      21eae7e488b145fa3618627da99c3234696c0f15

    • SHA256

      0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca

    • SHA512

      f667fe8d23482226241fd7a9cae66327a4bc2317ec01bffddb1243b936a44e0ec7a2a809f75e3e3cb02c3b9415df2401a6b2fe598251079472481114e0ce9b5e

    • SSDEEP

      3072:FnS2A9r4wpzL3syZUmMkZFfAQ2FUAElR8MRC3KevxEwYSidYj6zxe8pxU4iR:ZSFr4EzLvC1kP4Q7XlR8MRCXYZR5c/R

    Score
    10/10
    ransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Renames multiple (131) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks