Overview

overview

10

Static

static

10

17b447b971...18.exe

windows7-x64

10

17b447b971...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    17b447b971a4977b2bfb2c28659aa1dd_JaffaCakes118

  • Size

    938KB

  • Sample

    240329-efm6jshf85

  • MD5

    17b447b971a4977b2bfb2c28659aa1dd

  • SHA1

    4af0fc90413fffcb4f73839adcae91ccdcc7c4f0

  • SHA256

    5fa490668a9963e97d956f9a3b0c746b1d16eee9a73dfba875c9a3dc0e2c0d1b

  • SHA512

    a92fdc07cbf295bbf90174820a1a24b7909bd55845acd6f01ca36a2540aed822f6a9fca8d5d78052917b55355c65ad2a80cde03f285493277162691f51c39949

  • SSDEEP

    24576:mm0Br6HSQDqmEO5tPO8zQEWX3PnsOiaQCWFc:mcyQDqmjtzQBkOianX

Score
10/10
atomsiloransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\README-FILE-AYFLYVMK-1711684390.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Atom Slio: Instructions</title> <HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style type="text/css"> .text{ text-align:center; } a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #f3f3fc; border: 2pt solid #bda; display: inline-block; padding: 1%; text-align: center; box-sizing:border-box; border-radius:20px; } .h { display: none; } .ml1{ position:absolute;width:50%;height:10rem;left:-211px;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2% } </style> </head> <body> <div class="container"> <div class="header"> <h1>Atom Slio</h1> <small id="title">Instructions</small> </div> <div class="text"> <span style="color:#f71b3a;font-size:40px">WARNING! YOUR FILES ARE ENCRYPTED AND LEAKED!</span> </div> <hr> <div class="info"> <p>We are AtomSilo.Sorry to inform you that your files has been obtained and encrypted by us.</p> <p>But don’t worry, your files are safe, provided that you are willing to pay the ransom.</p> <p>Any forced shutdown or attempts to restore your files with the thrid-party software will be <span style="color:#f71b3a">damage your files permanently!</span></p> <p>The only way to decrypt your files safely is to buy the special decryption software from us. </p> <p>The price of decryption software is <span style="color:#f71b3a">200000 dollars</span>. <br>If you pay within 48 hours, you only need to pay <span style="color:#f71b3a">50% off dollars</span>. No price reduction is accepted.</p> <p>We only accept Bitcoin payment,you can buy it from bitpay,coinbase,binance or others. </p> <p>You have five days to decide whether to pay or not. After a week, we will no longer provide decryption tools and publish your files</p> </div> <hr></hr> <div align="center"> <span style="color:#f71b3a;font-size:200%">Time starts at 0:00 on September 28</span> <hr></hr> <span style="color:#f71b3a;font-size:300%"> <a>Survival time:</a> <span id="td"></span> <span id="th"></span> <span id="tm"></span> <span id="ts"></span> </span> </div> <script type="text/javascript"> function getRTime(){ var EndTime= new Date('2021/09/28 00:00:00'); var NowTime = new Date(); var t =EndTime.getTime() - NowTime.getTime(); var d=Math.floor(t/1000/60/60/24); var h=Math.floor(t/1000/60/60%24); var m=Math.floor(t/1000/60%60); var s=Math.floor(t/1000%60); document.getElementById("td").innerHTML = d + " Day "; document.getElementById("th").innerHTML = h + " Hour "; document.getElementById("tm").innerHTML = m + " Min "; document.getElementById("ts").innerHTML = s + " Sec "; } setInterval(getRTime,1000); </script> <hr></hr> <p>You can contact us with the following email: <p><a href="mailto:[email protected]"><span class="info">Email:[email protected] </span></a></p> <p>If this email can't be contacted, you can find the latest email address on the following website:</p> <p><span class="info"><a href="http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion" target="_blank">http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion</a></span></p> <hr> <p>If you don’t know how to open this dark web site, please follow the steps below to installation and use TorBrowser:</p> <ol> <li>run your Internet browser</li> <li>enter or copy the address <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> into the address bar of your browser and press ENTER</li> <li>wait for the site loading</li> <li>on the site you will be offered to download TorBrowser; download and run it, follow the installation instructions, wait until the installation is completed</li> <li>run TorBrowser</li> <li>connect with the button "Connect" (if you use the English version)</li> <li>a normal Internet browser window will be opened after the initialization</li> <li>type or copy the address in this browser address bar and press ENTER</li> <li>the site should be loaded; if for some reason the site is not loading wait for a moment and try again.</li> </ol> <p>If you have any problems during installation or use of TorBrowser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use.</p> <hr> <p><strong>Additional information:</strong></p> <p>You will find the instructions ("README-FILE-#COMPUTER#-#TIME#.hta") for restoring your files in any folder with your encrypted files.</p> <p>The instructions "README-FILE-#COMPUTER#-#TIME#.hta" in the folders with your encrypted files are not viruses! The instructions "README-FILE-#COMPUTER#-#TIME#.hta" will help you to decrypt your files.</p> <p>Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions.</p> </div> <span class="h">AESKEY</span> </body> </html>a:<asf>ixbHbcVdhRiZ4n6RtYw+jBFJyX17ps2ZlpD9G18Z2/AjSfQIMHKXO0fhgX6o737Jdv8FtXoklaBUiAaDqOo1XtPdob31zVUwq0ggxUcVN+BwMGaWRB3C91I3nkGPq4/BfmXkEa/ZH4N7EiYap8cLePRkIuogjLRdyb6nI8b9feJO98ykjpRnnFM2eIVIJaqL8RAm8otUG2WzIw/9CH6yOSiF0LA/5abZxk5NAWM4OrISSRLVqVkcL4IGRPSYSOm8/AaW9EdL22TlupiJvsW8Xs7KxOCVf3xOnZMZhQJAFWZxtXJ8TAPFVj+/BelkZI4M+4gau7vpRRTdUSR8Uhc4TDVmHqggS70lbIamoVb46QG+Gn3X7ACzHl0XnmMxMT1ty+zFyQDaUTRupVyPEgE+pJOxgMkmU8wq/SWKviSQsrI9G+Hqzi4490Mt2kyH96RinJjn1VB+ERpr3stFpDCXm/FFUIM2xnKpoJ93bChV2votUzBgtXXwdJOywx4qRWa5gy/U9EbvR6mjBDSrYN16e1WDL2DlGIKB59DM+QckLqwdG547lmoppsh2m2ZawhoFYOHKtsyDnj6TvvnkbNp6oUpWZuGK69l5w41i6cZ93Jnj+HSGUl/7APjHiO9Xi8SlMzHs7+HSJ2w1Sge9vHnDkvOZjydlmueNRAzFwbBD7dFyZFkc3Rn/6BXTCvxK+CRyq2Se6+hogJWDh80AUFV18/imBdn4QSuxWZbM+z2lFW4RcXAi3wl5QqRKbzdvmh+URHeD+pgmZOgVPcLS2ONEIigEmvOpB3xe+zUphU/VoywzB38pH4MMdimxKfxx2R8/92fBRYV3bSt6/oeFpTn4cPNe/Q7TJ9yWPIEdgzldBZOklBikKhB8eaXHgLbvg776LZPx7jlGWlrWkj5wSY80zj40fnizlpJLBlaGa1+lRcKf1NbwHMLDDYIOf1hMjtrkiKEbMZKMRtfj2ceGkZtiMpEtbv2crU/3ypSDeDyrzlzu/Eb+iFN6Njiu+KXiIBjlFF0jufJNJWb8S+VYU+Ig+C/CvWGzyqBpVxTYJkNK8VNRrwrnGAdzz4edaE2z7u29UMqv5iiEp9F63CgUeiAPKaaVQjDf2YCOIbTdyl8c0cpJ8wRw/fFMVFPPjhGkJHsJ6Ci7LC2HQg14zAnhrogMznRGqDKqr7ZZJyJR6aMwcOUOVYLRXqC5JY/hNygEqKucAdb3MSSPSAwk8UFqR+q/WoyIlNT7nSBIpb7uE5myJkywe3Cj9xVkOREyGHATAQNcdtTkqA757kK5DwkwuwkrrbK2jz4jTjuoWqG+usyQlfhZRctpYH67EnN4Ua4ReasRTIdxxrHOsurx7uNWmrb2UknxhZrC8q45Lus5/l97PPJybvh/Etig4O5pqGww7Cqj0s1PMk46kJnRP81d89U8sUHixePN8sN6RVZExOm2CXAL9iVGoM1VnrtZUh0osEN3Fk+dIZzvA6aLG3NTKsL3N0MUvrpLB+Ig31/4dLDhGV/nYTpoRCogVipxUCNECkqYWqv6sdt6c4sAIWMkmCjIeHPOkB5i04NNYVRF3rRnV13EN7bFyk/5LUwWtXouUtKmsO15MFDieSYpJl/dmepCRiu+tEJW7B7FVELfOg4xQ9LOQapELsX0xqa7SicawE93vHVopfyPauyl60o3JOq1e3nKvof+qkDLfkTEM32Fnlccx7DF5C60046741WrcnHLc7m4lxHdk0FoxmJXpT2xXdjiAvVVt2TbteLO9DbuTg8VAT7i28cCBwqR2toWtFBZJDIFjk8llpyfx24f3OKxbDA0rz74ttf5mFcoEzmr+qFOyR7WEIeRpYNI3bsw7dVYGIO45tY96H9kqzYtKatZOzpawRFRfcxK9pjaYn65cnIV0SEI0QEIs5L96m9/MfuMoLw5i/dnjgjd94uVTxF2rKlV9dj6fBly9nE8VNXqudoG4+L3nNEbgnZoNqq+iwzcDEQAnhWUjXuksmNJGpSYw3dMyj5ReMozok/j2065YMC+owfgsH91qcupSnZSmKg6JojCLAuR90Wj3KUcZv3lIUpqr4W0qXPw8GAxmSrfN9K89ajX4vIZs6lNsmKq2Wx+KTAZ2vOhdvroWfu126oYbo9x8fRl2QE4HGVMiRFzhz+M14I3owXglcincfR/403h25Wtu69lWuTC2u2EcjpYJ/uNbrqWaKB80tjrI0s9oqeBCmQTOPKxG7L/vU5593ljs4oNPK56NhV86/0ZtJ0J/IjMvroCRrpEQ3pDhAXaksUFM3KkIGK7rRzw72xiMSUECzkFM4bO4LboFzEkRJv6Q5RM0PZYb4QLXJFLK3oEmDs+e76dzGSKxrGRM2iK5u/pjZeHqmxepAryGbd6L59poXJPAG9TQIBrcCUJa/Ka9YcpSUomkDD7ZpFLBvLCovloKy1iTSWo+Ih5mMM9q4Lq+LgjGDc7ImcNcFqv4uqEKC83QEToWDhp8ImehIflf9TV+KERVdUWWEShvA8WzwmLqKR+v4fj4pZAraT5MUYwtj4dbbv7sfB+vpqE9hQdoCgZR+AT7shqOo8sjCI+Sc3FAyGPXk5jqPgIe7gdLztSlqquN4Wg+Lhzp2LmvVksWquDM1o8pigGsNakUu+lULKcF4f6n9tJTJTLCuZC4cfBe+DsrRJFPzE4vRS1NG3EfPevVakFdrI73xPgi8NSTJhU9JkZYX444Brp/n2ajHSKwAsVNn6v6QzggGPOsy4PJyMDbjGkWyQkuV0S9CCth4x0bb+QejJSc4XKOfmMoKr4Eb2WYjElA7KbG4siljoK8o8Rj48sW3ntqEKNAMvBdAyomSkoqzt9FkFbQtKioL0aPLTuqmhnSa7QPME661TUTtIue8nau/uR9cPMUYlWSQ4DljBkxdWfLILvG+5fN3saTEN6pKCg4yJEBGlUxStEitGIKUITsObbRvyeu/i5OwCIR7hI1sksjzYPaYgpZnF655zPjfe9+q+sP3xP0nUJWum3X2QsrsNNjbasvw9qONTwUxZsc7gMAjXuydPv9v25T1Nzw3gutd8K6fimGq/JqjsfH/uWkJ25LgUxLJmQgkp2pZnftSkd6s82jY3gRYpRVe3+9RDpxNXk/gthpZoa4+wIa/qOKa0nNYny6l8edOscfUZIFfd7Ocioac591Mi4I0sWFfIL4iexsB3tmbN5IcEi1wkunUQwrD9NBVI2WuuDj6txZyrX0/5zpygPFThQAPqhrk+Nf0XFKlmHKDU63uMkh/4aAgt5ey66tMVisxbfteUJtevreQQtH9/L1X5sslVbBsF0j5IdIsOdE9riqJoJVadRSmXeBY5IjvU6BeWx8PluGjmizA8Kfg8GQTeTRs4BcIA5/erZ5G2t95BJYhHC4ldStwgc3RomSdlV/sg96h6Ns6G8uduKCeEbssTnDVUxTxn2MpunKUOeGnbcjpSKnQNlDHWBk0YQx2LYXae2k4YqxmJoDNc1RZLGQF5oQaYdryUTXAhB4XcbsTePxiHaTU8iEhUWsm/PtODCZKV5noshMyIvyLKYUnsLew9/4HbZHPbFjkLdGvVWrCLe4weCLbmGfuyD9sCqFcLJwniEgVaEq+6Soeh8sQduv651qssoDp3OpWbaRnS+hhiS3OLCjE+lZFB/kX+XFtHRdkyUG8V+5lz3AfOznklaBz1lNIbHvoFPOBJdWuwXyKKI3w8iDtdrlENjnvXtuAHJPQQuZ7Agd9osrjizx3VGVi9bo7yv1Memmkn5QBWRsr6xYfWmwoK3NkCFzlb3VVQS8kofV9lmTnla5UtQ8w6S/nuDuB3LPv7bOKGpinQbkvswg1EAttV/3qKf/2+Q5IMDbRcuELJG5bnKMWnMr3uS7rRM5HGXAPmkGU1qVuMgGIlVqM5B9yx5LmQ91XSxdbNn2uV/V//tYlFhCac2OQ3bbaVev+lAxxb+/97Jkl5K9baoIZx9xe7T9EHXyzsPBeTGTuJ7seqwKk7+cjD1WWTSLkf4jKRmEKc0h/MFlixNcxxkYzqTqh7N+Y5IqbbnhUeK+IhNLggobqqCdJcHdfzl9sNHcB9LDsOuNVZ7zsVKALZhkc4k</asf><csf>3</csf><pub>MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAhVPcjbnsPF2CM499sqFHRD7SvMAEPrhmxKbmcgPm+2jg8BfqGjqLffyZBnEaRlLWIGvfmgtvpjWCBUT4GL9p+/2ZFBCp6megfwP1ZJpI9e/hEw3mpeT6AVpu1m8lHhun+hPZX0ZvjZ57qPV+PweeZvzCg2BWBfBgq+fmfjHgdzwHZNP/HJSo4VL/6vhq5NrvkXSI65P3yBINfXbjzY3hrMoLsiVHq28/1LuV0ChJWY12576MFX5h3LkYtbvJSxekIpBnOQIleoJIgrCi1X4SVWV3m7eN7mv8cah7CCtl+hX1OlQ7MD8ZYkccZGR26UKjamUCtvOTyL9gE+VBl0jgm2TVLDRuTNIKEiOkTSgiVnBEZ20Rd4G+B1vl7bP9eICOOm5mihfeRhfjuw8XWryIzepGZ9/awpLZN4ncv5baHU1lvUk+EwRb3S0n/x275MHVu9+OxjMHbj56KC3mN7pqPllCEWYRt+ykk6HfwToYDjty6D4NqTXD5NPstE+Um6HAzSI3f1zciocLHua1uerwfZrFo0jMjeb8PH9VpLidPdFnpVzNTqx7q3R1/utXe6yaTqMyt9kTozQGue4T1vrG+yhGjuNtZokNTMpXyX+zN+5aVCSTG2fhUKZ2izi7SlQ1HWN0G0sL4v7+rRVt/9O5EcrxoumTglNJBfNbIz7rqxMCARE=</pub><bsf>AYFLYVMK</bsf></span></body></html>
Emails

href="mailto:[email protected]"><span

class="info">Email:[email protected]

Extracted

Path

C:\Users\Public\ATOMSILO-README.hta

Family

atomsilo

Ransom Note
Atom Slio Instructions WARNING! YOUR FILES ARE ENCRYPTED AND LEAKED! We are AtomSilo.Sorry to inform you that your files has been obtained and encrypted by us. But don’t worry, your files are safe, provided that you are willing to pay the ransom. Any forced shutdown or attempts to restore your files with the thrid-party software will be damage your files permanently! The only way to decrypt your files safely is to buy the special decryption software from us. The price of decryption software is 200000 dollars . If you pay within 48 hours, you only need to pay 50% off dollars . No price reduction is accepted. We only accept Bitcoin payment,you can buy it from bitpay,coinbase,binance or others. You have five days to decide whether to pay or not. After a week, we will no longer provide decryption tools and publish your files Time starts at 0:00 on September 28 Survival time: You can contact us with the following email: Email:[email protected] If this email can't be contacted, you can find the latest email address on the following website: http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion If you don’t know how to open this dark web site, please follow the steps below to installation and use TorBrowser: run your Internet browser enter or copy the address https://www.torproject.org/download/download-easy.html.en into the address bar of your browser and press ENTER wait for the site loading on the site you will be offered to download TorBrowser; download and run it, follow the installation instructions, wait until the installation is completed run TorBrowser connect with the button "Connect" (if you use the English version) a normal Internet browser window will be opened after the initialization type or copy the address in this browser address bar and press ENTER the site should be loaded; if for some reason the site is not loading wait for a moment and try again. If you have any problems during installation or use of TorBrowser, please, visit https://www.youtube.com and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use. Additional information: You will find the instructions ("README-FILE-#COMPUTER#-#TIME#.hta") for restoring your files in any folder with your encrypted files. The instructions "README-FILE-#COMPUTER#-#TIME#.hta" in the folders with your encrypted files are not viruses! The instructions "README-FILE-#COMPUTER#-#TIME#.hta" will help you to decrypt your files. Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions. AESKEY
Emails
URLs

http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion

Extracted

Path

F:\README-FILE-JKRSODLE-1711684388.hta

Ransom Note
<!DOCTYPE html> <html lang="en"> <head> <meta charset="utf-8"> <title>Atom Slio: Instructions</title> <HTA:APPLICATION APPLICATIONNAME="Atom Slio" SCROLL="yes" SINGLEINSTANCE="yes" WINDOWSTATE="maximize"> <style type="text/css"> .text{ text-align:center; } a { color: #04a; text-decoration: none; } a:hover { text-decoration: underline; } body { background-color: #e7e7e7; color: #222; font-family: "Lucida Sans Unicode", "Lucida Grande", sans-serif; font-size: 13pt; line-height: 19pt; } body, h1 { margin: 0; padding: 0; } hr { color: #bda; height: 2pt; margin: 1.5%; } h1 { color: #555; font-size: 14pt; } ol { padding-left: 2.5%; } ol li { padding-bottom: 13pt; } small { color: #555; font-size: 11pt; } .button:hover { text-decoration: underline; } .container { background-color: #fff; border: 2pt solid #c7c7c7; margin: 5%; min-width: 850px; padding: 2.5%; } .header { border-bottom: 2pt solid #c7c7c7; margin-bottom: 2.5%; padding-bottom: 2.5%; } .hr { background: #bda; display: block; height: 2pt; margin-top: 1.5%; margin-bottom: 1.5%; overflow: hidden; width: 100%; } .info { background-color: #f3f3fc; border: 2pt solid #bda; display: inline-block; padding: 1%; text-align: center; box-sizing:border-box; border-radius:20px; } .h { display: none; } .ml1{ position:absolute;width:50%;height:10rem;left:-211px;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2% } </style> </head> <body> <div class="container"> <div class="header"> <h1>Atom Slio</h1> <small id="title">Instructions</small> </div> <div class="text"> <span style="color:#f71b3a;font-size:40px">WARNING! YOUR FILES ARE ENCRYPTED AND LEAKED!</span> </div> <hr> <div class="info"> <p>We are AtomSilo.Sorry to inform you that your files has been obtained and encrypted by us.</p> <p>But don’t worry, your files are safe, provided that you are willing to pay the ransom.</p> <p>Any forced shutdown or attempts to restore your files with the thrid-party software will be <span style="color:#f71b3a">damage your files permanently!</span></p> <p>The only way to decrypt your files safely is to buy the special decryption software from us. </p> <p>The price of decryption software is <span style="color:#f71b3a">200000 dollars</span>. <br>If you pay within 48 hours, you only need to pay <span style="color:#f71b3a">50% off dollars</span>. No price reduction is accepted.</p> <p>We only accept Bitcoin payment,you can buy it from bitpay,coinbase,binance or others. </p> <p>You have five days to decide whether to pay or not. After a week, we will no longer provide decryption tools and publish your files</p> </div> <hr></hr> <div align="center"> <span style="color:#f71b3a;font-size:200%">Time starts at 0:00 on September 28</span> <hr></hr> <span style="color:#f71b3a;font-size:300%"> <a>Survival time:</a> <span id="td"></span> <span id="th"></span> <span id="tm"></span> <span id="ts"></span> </span> </div> <script type="text/javascript"> function getRTime(){ var EndTime= new Date('2021/09/28 00:00:00'); var NowTime = new Date(); var t =EndTime.getTime() - NowTime.getTime(); var d=Math.floor(t/1000/60/60/24); var h=Math.floor(t/1000/60/60%24); var m=Math.floor(t/1000/60%60); var s=Math.floor(t/1000%60); document.getElementById("td").innerHTML = d + " Day "; document.getElementById("th").innerHTML = h + " Hour "; document.getElementById("tm").innerHTML = m + " Min "; document.getElementById("ts").innerHTML = s + " Sec "; } setInterval(getRTime,1000); </script> <hr></hr> <p>You can contact us with the following email: <p><a href="mailto:[email protected]"><span class="info">Email:[email protected] </span></a></p> <p>If this email can't be contacted, you can find the latest email address on the following website:</p> <p><span class="info"><a href="http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion" target="_blank">http://mhdehvkomeabau7gsetnsrhkfign4jgnx3wajth5yb5h6kvzbd72wlqd.onion</a></span></p> <hr> <p>If you don’t know how to open this dark web site, please follow the steps below to installation and use TorBrowser:</p> <ol> <li>run your Internet browser</li> <li>enter or copy the address <a href="https://www.torproject.org/download/download-easy.html.en" target="_blank">https://www.torproject.org/download/download-easy.html.en</a> into the address bar of your browser and press ENTER</li> <li>wait for the site loading</li> <li>on the site you will be offered to download TorBrowser; download and run it, follow the installation instructions, wait until the installation is completed</li> <li>run TorBrowser</li> <li>connect with the button "Connect" (if you use the English version)</li> <li>a normal Internet browser window will be opened after the initialization</li> <li>type or copy the address in this browser address bar and press ENTER</li> <li>the site should be loaded; if for some reason the site is not loading wait for a moment and try again.</li> </ol> <p>If you have any problems during installation or use of TorBrowser, please, visit <a href="https://www.youtube.com/results?search_query=Install+Tor+Browser+Windows" target="_blank">https://www.youtube.com</a> and type request in the search bar "Install TorBrowser Windows" and you will find a lot of training videos about TorBrowser installation and use.</p> <hr> <p><strong>Additional information:</strong></p> <p>You will find the instructions ("README-FILE-#COMPUTER#-#TIME#.hta") for restoring your files in any folder with your encrypted files.</p> <p>The instructions "README-FILE-#COMPUTER#-#TIME#.hta" in the folders with your encrypted files are not viruses! The instructions "README-FILE-#COMPUTER#-#TIME#.hta" will help you to decrypt your files.</p> <p>Remember! The worst situation already happened and now the future of your files depends on your determination and speed of your actions.</p> </div> <span class="h">AESKEY</span> </body> </html>a:<asf>lJdn1UBDXwKI0s1b0onX3wN6XREEfmHzOBIm5M5HN7cf2uXoejNFjJt/vXCPhMA9rQ4YldSWA3TYU9+SJP6p6VRqfRvzt6+agjk4ZSF8+VJyyKXH4qezSxEdjnEaOCzafObBNyarwJDBoiHrd+fDQflHNzJUeyHuOZweBuPbjHLV1Jg7I/7kJfDK+vxTAAPUNItnUYIfqzqY1h4mP9yoxEiM0+Pvg6Lx72s9OcLtKI6UGjkW92ihEUAkEw6T8RsjmCymSRWVG+OPvvqaMZDeckLY8cMXvm2DvTlRH5byFxGSQ/Mv+KPTWeTqkIxYoOoXQwcu0z4XcLGrEiKSB308cER7plb/c5QLkmqxrhZPFnAv6P6mjeqeZYPBpqt+hYhpH3gNojGBvvOdNa5ffdF+gU3w3Rfa9Obk9LQB/g1W3mBMQi11zS0LHRvR4pnVl4L7IwFlfbNhV233LkyTcbPYktYUNY0rDo1bT5IFIgnzPPmdTVhZwtDp7bUrU+fKvJ0eEdmoREh+QLJUlIx/G5m8ZjTo4nqX1hPXV1AxaUtr1fBK1NcWi+A8AnSEXnfrEJNYt6p1B3GBA89ZFnzmVVSihbHZoFylx3fIjM0ISgP4SvkcRPi0hnLl6oL3XlXPVcjR1GIe+gZYFW1M0/9YrxRrOOf1rJiVKhPfm33WJ6mBCm4FZ4IwQmicynAW/RjtoI0CXjrzw1pcF8xFGNGt1bRY+D4xxt9/vlUUwvj6IFJeeCE5p4q2z37T41xtgepuneHUFH+LisjRSosK54IrtBpj//3IE52hD2I2m3dIQFsVsDuUn0j9zfuRpquax3Ljvzw8OYOfM+a2LOW1o21rHW6vmiB0BZWRCbdkz1OP20UmUCjMPbiFI6YILL97jSwbjjtkIPhccEZgJNZ7dN1Tf6SELRIt3uAAKS0tBXFhfQfGvxOs0b3EPMZszazmYXAnxagZ6QToGKAiKNysSAleTsbKKsvCmkhY2yUMHpFq8hYKhNQuQboICYmVeca+/IXZ1GUTpI/A13JgHCyJz09KolpkBTBojcCs8MjaNXL23CC1YymYa0EjNEzPaJejNswSGwHaRNL0WPEA0dtbEHK+es2xjLzBEObR1J1vwet4Q+HaFeu2KUSdkeLRyLuQiHSG9kOTLh1MTA1qh6ZKeGHL4lgiImWnmMSr61ZZ2ldFR0V0S70oHWFcXgh2yn0KVATUQMRU+NI0wHIdt40uOwYNmE8bxN8264hrd157WDQjKv01+RxUf4De18Wi+kTFO2UVAEjDS9ia+4cUJ28KyjYZm2/aqSrIkoxkSXRxShyXlBL1drRPFhtGrCvYl9phA+XqVuH0MQf11pU4h4V/yCZPNqAoyTLdPYWpa1Q/jdvPr79yX4sdZ1dUvu7eKWVfs378VagC4e0krIGqTjwqNLhBbOL9hig4B+8aRTNw2cYhlSNhosvVFCKyiAGqR+9vH7mKXNL0CBISIzEvJo+7tkRoN/VJYTK4P7UD8YZTI8gyUeaAeh8ZbWkGa10F5QQ/oJ86S/WPj2b2UuR28QE9yneboKJjeCFXDQLi7/yjXOPTJtN6yRWI1OsW97N1DEie2Ojf673vnYEWUcmKx6quYPtzti/gHWm18N7yV1aYon+FzFHsQmlGQbJRpmwNBuufYfJzthXTiIH1IJtGbMS/O0BUUefPmEFA9AZ8bDSjloN5lVvnpQ8vaY34+3m2/kjlDgX7sBSoNF0uHqpe1ZPvLn5NnQnCKQKhxG96HiYop0+u/5a8dPanyv3KBtb5IDQcqlCFkB8+4kdowgOImQie2wH8nDynx4+uKcyohnH5o9Y3etfvOTd4wh32wl9cxXsVzYEFT/qn/X2dgSjlTSqnoytT8uhiUgdZlJsAyGw8nYCkcyPb8rKkU0Bm0kx0ehcI9bM7Ol4REkrpOmxfJhbN6TKpv6de8WJJqAd7xle30lmV8QMNRDS1Xh06HdNgDrW9vh9WPj4100oXWcNgiBv5lDsljdI0DA66vzyXHfenY2iwuFtmXVcGLGwFl0z+lYgKp24ntDGJGuYXAC5PUZi9fwJCp9X/LyCAwsIiJuz6tjJdEL5JZ4ed3SESeBO+YIT+FXgqny/qZ4yf5wnsjdWvW5y5vj38kh0w2j6HF1tF0ZFSFsVosEv5vpCKRJ4McDSLogTpkJ8Xw6kALRKPqPvLZ0l0uYvpQeHGXJcHruBk1UkcxfNk1lPLGJ3+JY36vLnJwDxQ5ehOiBLf6H+y+z/620Ny0SK0QqphYhIX37K5Cg4J6qJtq8KRvhmt6PH5iUWKlZ0LRRf3CDM4Tkjf+nDisy0kTD24YiNBpN6QWpb2fCgr/+b4kXXoEcMK/NUKqFxaIV7y9a4mZb5d5nRdT5eDxhwt1UnWA6wOYbEZZsiZriwryny7kCw+YKPZBjmSF1RcQSaOTCk479/tcKTCHiI35EjjNU4eJKdFQiogXB1LQLZpS83zh1OXcNIiIgAa7FnLLS/KnDAjlP0uHNT4cBXN9NZaGJaCNzreISOHn3SRIowxq7l4jjEQSjQ3kGLFLgqydOPMpYbLHXl05Bm72Oa38+KXn64sDOBT2kr46WX3UC81x5waG02hCtTfHjva9uBqe1nYQSFlx9dKZGXTo9XlqNcgfZLjjy/FEJlq8Y+RO+cME4WdHDNn/ZR+t3eklr7WZUaEG7hMJnlq1hCxwdnjEw2OgZHZf7hj81MIWAB4D3qoKxxgQqRjoRXic6XyqnAy2PZHi2ES62BBNJF42jQdY2PUNh8Dk3slZfDWDMPs6MRg9h17ZHHg2NOJL65/34RSoVH+WUVdJq1Sek0N3A/hEL5CIXhpX67rnCqjJEBgaqpxBl9mdoMHlcc+e5fwPZYP0P+jrpS/9adkjCZLE4Zu52PztnZYq2f5+cnspDvm13m1JjM3ekb3REThB2+tTWFDSLIVPbNYDszLa+Js7tm6JW+HPI0XewovcY3gRtLBDpcBsZ8eDStsjgTwD65BQAsL9yI8CF46JJG2gwML+UTPLUPuw+S/3rcxHRXf0rGRpFgVQWIqkxNgoZhFWzcXR9uuvAtpYWD0hHPgSAvrbcB1w1DF7M6oS98r5FtIeDXHyNKdEhc0ZYFiDNZE42Z0vE7BJDEi52+71KAQAIhCkHkv3s6CtF3WiOxfho1nZ92gZD3wipcRVfPDRfiYMOp88cmarDfvAA1WGYaXXVxx2raHpr7i9vktdvOIlIDCKcQkR3Gu0nsJzO4kgfgXdWHoGBvWLT3TcNgfUEz+fPXSkQhH1Jo8uflgkOQwSTVC3Uj8El2TKqLLJDyygUVXIbS2w9wu966fOwOoD6+qo9uBUGcZmtpv0mlZG0AnPdSdZU/YaTcYBE/MQnIPU5IP3zETNdqYd3kpAbJMCfu/nJ7EkrzgPiKUGVzJsn4ahg6L1cgMnDC+UeC3LPa3+btjxT7phJq47/b8+44BxrmGMVccrL4sE97Sr63Ap7HJQn7oz66OouAsH5DP58DuoX4S2Q2IWBDcj14/eAX0Aafbqs1xVbnLn2kqzTjX7Qe2JBSLxhpxPdf7pugH0MKQ7JPBGWWenqp1dwXkckFh12H8gf7ji7fFc4gBrwK9r1xTnAzuFpJzIUGIYWiJ45qwM7QJHvXs3ZyFO0h/Bx1vNE0iEUCLOGoMZ5hieZAYUdvyDyRS2RE6GwCpj8Y4NBFPXpoYi5OPUbS8/AdC1Kyyq9QEkD+1QymgM4F8VIZx5bwMXpynyDtJWLxJB7hJn2PnGCISWx274hON4Jx4UdXu+CCS2LAWUy9Cv+GV8sjrl41m1eH6CRq2nhefJPc0kqijFw8jqtbBf0Y5z2FCVfeMW7xwdXsNcO6cq18jNvdTwbpG5/hzoFFw5H97dNCmAlRZZFPaq4emHcgbqiJN8w0O7y2lujVaTUA03PZwTVo8D41Si5/UJ5MxcIy1i+MJf14KurbkJBqdjLKoxODMQP9Zq6gXwfzGUafgvXzg64kaCyXVN7Jq+qyrPAiQr0DuIvGP220FYX/jDDCXGY+HVHPsN5x2vhf/wjYlzOpyxRNpq/4vOYWsbyst77cb7AbS46eR+/YgcxZ9iiCjdHeqOZ1s</asf><csf>3</csf><pub>MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEAxwcwfupnXu6PrRMW6oz0TJ7kWIOaGyAIT9glLIdBveH4qhkYFeh7wEFsKr6upqqCTrh/vlPkMaQTwkWOfyhVvsLxlAxKVLeA32wwxZTMZKxxaXlAnEVGxuMtj0rTsYq1yP4YMaAyTIPNN//0ZDEEjORMT83JUQHPp0rL/MFzpC2BhQVjubsSpXAcOuCqrwEqjiKYbp4pD8ei6X7GsR5ZWSaS+0CxMq+1K03aDksARAfo8f9Bgv2b1HA6uIBuUTX9wYAikW3eX+bllppu9ezKWlcbojYBmFsGp1ShNngnMuOplqrwxinEhDUGzJgAfgCTWR/A6BWhvYCSwv6ipFDlZrVVMGfOTWg3eKr9lvHjpzg0w6FoJh5HDgpSFzF310k0IdNiFO3milqr+MxFoC7+ehfsFq4YwEd20xWPvGCzB1ttpLWI306GByBl3UgwAkLUDG4ERwUPNkaKM4LsG+OdKRIgGfvuEoWgwoqcG4Wcn8RnPuqaJhf0ur/BoYi3sob0ltj7IYtOiQSMV53QJPYexSvObOiWKPqlptgWF+ki6LTsJu1sWG3KvVaHOY436j9cOB0zGmIQn1tP9x2+68jFHJTQfOvJuuyZ4gqAjDmsM8vxR9jvboVQaUb05Vti+znpUjK1TPkiAGH5snnMpEt/NKo1WdFrq7acGnVpvMJMBSsCARE=</pub><bsf>JKRSODLE</bsf></span></body></html>
Emails

href="mailto:[email protected]"><span

class="info">Email:[email protected]

Targets

    • Target

      17b447b971a4977b2bfb2c28659aa1dd_JaffaCakes118

    • Size

      938KB

    • MD5

      17b447b971a4977b2bfb2c28659aa1dd

    • SHA1

      4af0fc90413fffcb4f73839adcae91ccdcc7c4f0

    • SHA256

      5fa490668a9963e97d956f9a3b0c746b1d16eee9a73dfba875c9a3dc0e2c0d1b

    • SHA512

      a92fdc07cbf295bbf90174820a1a24b7909bd55845acd6f01ca36a2540aed822f6a9fca8d5d78052917b55355c65ad2a80cde03f285493277162691f51c39949

    • SSDEEP

      24576:mm0Br6HSQDqmEO5tPO8zQEWX3PnsOiaQCWFc:mcyQDqmjtzQBkOianX

    Score
    10/10
    atomsiloransomwarespywarestealer

    • AtomSilo

      Ransomware family first seen in September 2021.

      ransomwareatomsilo

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks