Resubmissions

11-05-2024 18:52

240511-xjhz4scd3t 10

10-05-2024 13:31

240510-qsva6sha4s 10

General

  • Target

    Avira.exe

  • Size

    9.9MB

  • Sample

    240510-qsva6sha4s

  • MD5

    6ac42549b4756d9a0a58b6540a7fef39

  • SHA1

    800662d3fb01aaf64c334086282514176fedf1b5

  • SHA256

    1bbc721d51037eec58aab145b56f1be72830ea05c15b5a06a48e3e08779e44c0

  • SHA512

    0dc40c0cb54a0145b859c8386bad8e0035a1792a88635f899cf993f6ce4d9f3d5a334da3dbba6103d2b6b7bca1ba1fd3da1519f02264ec583085e56dc5df537b

  • SSDEEP

    196608:4h58fIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:JQFG8S1+TtIiEY9Z8D8CclPdoPx

Malware Config

Extracted

  • Path

    C:\Encrypt\encrypt.html

  • Ransom Note

    Your Files Have Been Encrypted Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware The price for the Decryption is $0 in Bitcoin (BTC). Follow these steps to get your decryption: You Do It. But Remember this malware is Just For VMS This is a Test Ransomware Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware Ask AI How to Use the Ransomware key with the decryption algorithm (in this case, the Fernet decryption algorithm) to decrypt each encrypted file. Save the decrypted data to new files or overwrite the original encrypted files if desired. You Will Also Have To install Python and cryptography Please note that the dercyption key is in the path C:\encrypt\Key.txt and please note you have infinite time For support, you can ask ai how to encrypt your data Trustet AI

Targets

    • Target

      Avira.exe

    • Size

      9.9MB

    • MD5

      6ac42549b4756d9a0a58b6540a7fef39

    • SHA1

      800662d3fb01aaf64c334086282514176fedf1b5

    • SHA256

      1bbc721d51037eec58aab145b56f1be72830ea05c15b5a06a48e3e08779e44c0

    • SHA512

      0dc40c0cb54a0145b859c8386bad8e0035a1792a88635f899cf993f6ce4d9f3d5a334da3dbba6103d2b6b7bca1ba1fd3da1519f02264ec583085e56dc5df537b

    • SSDEEP

      196608:4h58fIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:JQFG8S1+TtIiEY9Z8D8CclPdoPx

    • Renames multiple (161) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks