Resubmissions

14/05/2024, 18:23

240514-w1zthshh41 10

13/05/2024, 21:01

240513-ztxbladf2y 10

12/05/2024, 21:15

240512-z3wresbc22 10

12/05/2024, 13:04

240512-qa9m5sfh5s 10

11/05/2024, 18:53

240511-xjxs9sfb93 10

11/05/2024, 18:50

240511-xhcrpsfb22 10

09/05/2024, 20:37

240509-zekn9add7w 10

08/05/2024, 18:50

240508-xg5q4ahg6w 10

General

  • Target

    ByteVaultX.exe

  • Size

    9.9MB

  • Sample

    240511-xjxs9sfb93

  • MD5

    2d967cef344d7bd9714b91e0d9ecca77

  • SHA1

    54d239693cb5a5f39bc8923c8245fa562cdfd4cb

  • SHA256

    2dcf8fb11743511e89d2d5a2082a7211079c43dc2b9e3b783d61d8fe2e2fe449

  • SHA512

    a576c7d1d846eea5b4b1e347e8adaca8d9961259c8be2ef90e93e710ef1eb02edf06014230b8b43338fe67e5f73dcbb9d4f1b5924ef74219f636fb74e5d9b70e

  • SSDEEP

    196608:0hFdRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:4GFG8S1+TtIi+Y9Z8D8CclydoPx

Malware Config

Extracted

Path

C:\Encrypt\encrypt.html

Ransom Note
Your Files Have Been Encrypted
Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware
The price for the Decryption is $0 in Bitcoin (BTC).
Follow these steps to get your decryption: You Do It.
But Remember this malware is Just For VMS
This is a Test Ransomware
Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware
Ask AI How to Use the Ransomware key with the decryption algorithm (in this case, the Fernet decryption algorithm) to decrypt each encrypted file.
Save the decrypted data to new files or overwrite the original encrypted files if desired.
You Will Also Have To install Python and cryptography
Please note that the dercyption key is in the path C:\encrypt\Key.txt and please note you have infinite time
For support, you can ask ai how to encrypt your data
Trustet AI

Targets

    • Target

      ByteVaultX.exe

    • Renames multiple (126) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Modifies Windows Firewall

    • Loads dropped DLL

    • Drops desktop.ini file(s)
