General

  • Target

    Ultimate Evasion.bat

  • Size

    5KB

  • Sample

    240516-2ezvaabg54

  • MD5

    57d198f4c1f05b4c50c816c9e5a3296b

  • SHA1

    1a98ad63de1964325434ec0b5d96aeb8b6156c16

  • SHA256

    84e7ea1bdcdf849b82c97dbd9d299862ceb35232c0c3866204ac5f97aaa417ca

  • SHA512

    112e24a57d6a6fd501a9817379d216e8eb1c62b3e8886f7cc93d18be2e553a5923ad64caa5428508d84ec9c0a12d6d126bc90212bf6b269291ac61eeaafba19f

  • SSDEEP

    96:i0ry5wCaRWzWLBLVCaRWzWgMGjU8h/8rF8B78MzqVeeyozZWNVyRhk:i0hCaRWzWXCaRWzWgMoUWqe71uQNVyRm

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated

  • URLs

    exe.dropper: https://cdn.discordapp.com/attachments/1181543227728330774/1237538022371754046/ByteVaultX.exe?ex=66473758&is=6645e5d8&hm=86bba81d6232969cb4ade81e882b8bcee5f5dacefa6cc2ac70ca40db4c969e4c&

Extracted

  • Path

    C:\Encrypt\encrypt.html

  • Ransom Note

    Your Files Have Been Encrypted Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware The price for the Decryption is $0 in Bitcoin (BTC). Follow these steps to get your decryption: You Do It. But Remember this malware is Just For VMS This is a Test Ransomware Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware Ask AI How to Use the Ransomware key with the decryption algorithm (in this case, the Fernet decryption algorithm) to decrypt each encrypted file. Save the decrypted data to new files or overwrite the original encrypted files if desired. You Will Also Have To install Python and cryptography Please note that the dercyption key is in the path C:\encrypt\Key.txt and please note you have infinite time For support, you can ask ai how to encrypt your data Trustet AI

Targets

    • Target

      Ultimate Evasion.bat

    • Size

      5KB

    • MD5

      57d198f4c1f05b4c50c816c9e5a3296b

    • SHA1

      1a98ad63de1964325434ec0b5d96aeb8b6156c16

    • SHA256

      84e7ea1bdcdf849b82c97dbd9d299862ceb35232c0c3866204ac5f97aaa417ca

    • SHA512

      112e24a57d6a6fd501a9817379d216e8eb1c62b3e8886f7cc93d18be2e553a5923ad64caa5428508d84ec9c0a12d6d126bc90212bf6b269291ac61eeaafba19f

    • SSDEEP

      96:i0ry5wCaRWzWLBLVCaRWzWgMGjU8h/8rF8B78MzqVeeyozZWNVyRhk:i0hCaRWzWXCaRWzWgMoUWqe71uQNVyRm

    • Renames multiple (128) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

MITRE ATT&CK Enterprise v15