General

  • Target

    ByteVaultX 3.0.exe

  • Size

    9.9MB

  • Sample

    240522-tarzwagc9y

  • MD5

    1cf80f1f2380d374122a6f6637b310f3

  • SHA1

    e96d7b6039faaba484c4df2f61f2a8c69429aade

  • SHA256

    ebbd48d657018e78c27a43ac929927eff48643a3cd0a91f8a6f40b1a90a9c4d5

  • SHA512

    d571e5ce5370acf15c8454398e9587c5eb9c4062bb31951ab10d058bd16e54fb0bb8d90632fe3f194dac75ccba51ef79fffa14b9acd90267262e44cb94d6e49d

  • SSDEEP

    196608:EhtqRIk7AHkPkRJW9GNZA1HeT39Iig6eE9TFa0Z8DOjCdylNo1nz8QW7tx:RGFG8S1+TtIi+Y9Z8D8CclydoPx

Malware Config

Extracted

  • Language

    ps1

  • Deobfuscated URLs

    exe.dropper: https://cdn.discordapp.com/attachments/1181543227728330774/1241192614980620318/pexels-mitja-juraja-357365-970517.jpg?ex=66494e33&is=6647fcb3&hm=5d230b14503c4586a605bc32b42ec6f5a894c21fd27c2a8ab2538482ee660c7e&

Extracted

  • Path

    C:\Encrypt\encrypt.html

  • Ransom Note

    Your Files Have Been Encrypted Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware The price for the Decryption is $0 in Bitcoin (BTC). Follow these steps to get your decryption: You Do It. But Remember this malware is Just For VMS This is a Test Ransomware Your Files Have Been Encrypted By The ByteVaultX Test-Ransomware Ask AI How to Use the Ransomware key with the decryption algorithm (in this case, the Fernet decryption algorithm) to decrypt each encrypted file. Save the decrypted data to new files or overwrite the original encrypted files if desired. You Will Also Have To install Python and cryptography Please note that the dercyption key is in the path C:\encrypt\Key.txt and please note you have infinite time For support, you can ask ai how to encrypt your data Trustet AI

Targets

    • Renames multiple (174) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Blocklisted process makes network request

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Command and Scripting Interpreter: PowerShell

      Using powershell.exe command.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks