Overview

overview

10

Static

static

10

deebdc98c7...7d.exe

windows7-x64

10

deebdc98c7...7d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    deebdc98c7394419d6493a4226b56c7d

  • Size

    3.9MB

  • Sample

    240326-mb1vvaag8y

  • MD5

    deebdc98c7394419d6493a4226b56c7d

  • SHA1

    ff261c48c2da2cdfc88f79e53ca08127846ba87f

  • SHA256

    6827d14360eef20e4f3e1935a896ffae85478a204bcb2e40ad7ea8e4ef08e00e

  • SHA512

    4f12f352c0c2e9831f29211cd5bbcad5f83401d6760344b6e4585d0ff6fc4043874c2bb5d224b6ef9a2ff10be57bf4058133904eb10775d47eae08b5eb0af55f

  • SSDEEP

    49152:fqiGrsqIumZFbF19liB3P56q3YjhBXxX02UlrtoCmoDPf3muri3r8wZ:fqi9JPZHlK8KYFBSJhDH3Hgr

Score
10/10
snatchransomwarespywarestealer

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0019-0409-0000-0000000FF1CE}-C\HOW TO RESTORE YOUR FILES.TXT

Ransom Note
Dear Management of BRON TAPES! We inform you that your network has undergone a penetration test, during which we encrypted your files and downloaded more than 1250 GB of your and your customers data, including: Confidentional documents Copy of some mailboxes Accounting SQL Servers Databases Databases backups Marketing data We understand that if this information gets to your clients or to media directly, it will cause reputational and financial damage to your business, which we wouldn't want, therefore, for our part, we guarantee that information about what happened will not get into the media (but we cannot guarantee this if you decide to turn to third-party companies for help or ignore this message). Important! Do not try to decrypt the files yourself or using third-party utilities. The only program that can decrypt them is our decryptor, which you can request from the contacts below. Any other program will only damage files in such a way that it will be impossible to restore them. You can get all the necessary evidence, discuss with us possible solutions to this problem and request a decryptor by using the contacts below. Please be advised that if we don't receive a response from you within 3 days, we reserve the right to publish files to the public. Contact me: [email protected] Additional ways to communicate in tox chat https://tox.chat/ contact our tox id: 7229828E766B9058D329B2B4BC0EDDD11612CBCCFA4811532CABC76ACF703074E0D1501F8418
URLs

https://tox.chat/

Targets

    • Target

      deebdc98c7394419d6493a4226b56c7d

    • Size

      3.9MB

    • MD5

      deebdc98c7394419d6493a4226b56c7d

    • SHA1

      ff261c48c2da2cdfc88f79e53ca08127846ba87f

    • SHA256

      6827d14360eef20e4f3e1935a896ffae85478a204bcb2e40ad7ea8e4ef08e00e

    • SHA512

      4f12f352c0c2e9831f29211cd5bbcad5f83401d6760344b6e4585d0ff6fc4043874c2bb5d224b6ef9a2ff10be57bf4058133904eb10775d47eae08b5eb0af55f

    • SSDEEP

      49152:fqiGrsqIumZFbF19liB3P56q3YjhBXxX02UlrtoCmoDPf3muri3r8wZ:fqi9JPZHlK8KYFBSJhDH3Hgr

    Score
    10/10
    ransomwarespywarestealer

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Renames multiple (7787) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks