Overview

overview

10

Static

static

3

ByteVault.exe

windows10-1703-x64

10

ByteVault.exe

windows7-x64

7

ByteVault.exe

windows10-2004-x64

9

ByteVault.exe

windows11-21h2-x64

10

Resubmissions

13/05/2024, 10:09

240513-l64pjshf6v 10

12/05/2024, 17:36

240512-v6qmcsbd63 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ByteVault.exe

  • Size

    9.9MB

  • Sample

    240513-l64pjshf6v

  • MD5

    4ea77d2b5cb4323fbd1738295b7add93

  • SHA1

    d00b1e2054dca021f3a15a10a3b1753b37d92b85

  • SHA256

    9b989d47e010206b0e0d50957a6f5361247bec54837ad5ef631dd613ff9f3243

  • SHA512

    09fcf25f769274399aa21b584fdc1d5efe8f1bf9aa50910e3296102e0681567ea8c60cd474fd0b3c4b6f0704fcea787bc754fb57ce903df68a6c62b1e1d1c1a6

  • SSDEEP

    196608:RhqWfIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:zQFG8S1+TtIiEY9Z8D8CclPdoPx

Score
10/10
evasionexecutionpyinstallerransomware

Malware Config

Extracted

Path

C:\Encrypt\encrypt.html

Ransom Note
Your Files Have Been Encrypted Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware The price for the Decryption is $0 in Bitcoin (BTC). Follow these steps to get your decryption: You Do It. But Remember this malware is Just For VMS This is a Test Ransomware Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware Ask AI How to Use the Ransomware key with the decryption algorithm (in this case, the Fernet decryption algorithm) to decrypt each encrypted file. Save the decrypted data to new files or overwrite the original encrypted files if desired. You Will Also Have To install Python and cryptography Please note that the dercyption key is in the path C:\encrypt\Key.txt and please note you have infinite time For support, you can ask ai how to encrypt your data Trustet AI

Targets

    • Target

      ByteVault.exe

    • Size

      9.9MB

    • MD5

      4ea77d2b5cb4323fbd1738295b7add93

    • SHA1

      d00b1e2054dca021f3a15a10a3b1753b37d92b85

    • SHA256

      9b989d47e010206b0e0d50957a6f5361247bec54837ad5ef631dd613ff9f3243

    • SHA512

      09fcf25f769274399aa21b584fdc1d5efe8f1bf9aa50910e3296102e0681567ea8c60cd474fd0b3c4b6f0704fcea787bc754fb57ce903df68a6c62b1e1d1c1a6

    • SSDEEP

      196608:RhqWfIk7AHkPkRJW9GNZA1HeT39IigaeE9TFa0Z8DOjCdylwo1nz8QW7tx:zQFG8S1+TtIiEY9Z8D8CclPdoPx

    Score
    10/10
    evasionexecutionransomware

    • Renames multiple (165) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Modifies Windows Firewall

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks