Resubmissions

22-06-2024 18:41

240622-xb3pjsyhpe 10

22-06-2024 17:04

240622-vlcj1azdrp 10

General

  • Target

    df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d

  • Size

    534KB

  • Sample

    240622-vlcj1azdrp

  • MD5

    8e8eaa9b81f664c796225ac49e9ecb71

  • SHA1

    320e25a4b4918dd76582c7f7e68f3d68268b17f7

  • SHA256

    df2175421c791abbbe00721d185b0126fdcfa65948c5df89db284ccd4ae65d4d

  • SHA512

    66529bd7faa3275856fa87e7ec5ed250b0fc694f12e5fab2d1e84aa367844d42c7a19911065c9f2985752d55addc921797c77861081f2f40b5f1a69f84d935d0

  • SSDEEP

    12288:1FF+1IiVMR/La01MZa03EiYIRKoMDKd+A1Ll7e7:1FFroMROFZa03EiYILWWvll74

Malware Config

Extracted

Path

C:\Users\DECRYPT-FILES.html

Ransom Note
<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000000; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5 px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta http-equiv="Content-Style-Type" content="text/css"> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 15%;"> <td style="width: 70%;"> <div style="text-align: center; font-size: 20px;"> <p><b>Encrypted by Maze ransomware v1.2</b></p> <p>!한국어 버전은 아래로 스크롤하십시오!</p> <p>********************************************************************************************</p> <p>Attention! 
Your documents, photos, databases, and other important files have been encrypted!</p> <p>********************************************************************************************</p> <div style="text-align: center; font-size: 15px;"> <p><b>What is going on?</b><br>Your files have been encrypted using strong reliable algorithms RSA-2048 and ChaCha20 with an unique private key for your system</p> <p>You can read more about this cryptosystem here: <a href=https://en.wikipedia.org/wiki/RSA_(cryptosystem)>https://en.wikipedia.org/wiki/RSA_(cryptosystem)</a></p> <p>The only way to recover (decrypt) your files is to buy decryptor with the unique private key</p> <p><u>Attention! Only we can recover your files! If someone tell you that he can do this, kindly ask him to proof!</u></p> <p>By us you can decrypt one of your files for free as a proof of work that we have the method to decrypt the rest of your data.</p> <p>In order to either buy the private key or make test decryption contact us via email: <br> <u><b>1) E-mail: [email protected]<br>2) E-mail: [email protected]</b></u> <p><u>Please write to the both email addresses</u></p> <p>Remember to hurry up as email address may not be available for very long as soon as law enforcements of different countries always trying to seize emails used in ransom companies <p>If you are willing to pay but you are not sure knock us and we will save your e-mail address. In case the listed addresses are seized we will write you from the new one</p> <p>Below the Korean text you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br><br> <p>*****************************************************************</p> <p>주의! 
문서, 사진, 데이터베이스 및 기타 중요한 파일이 암호화되었습니다!</p> <p>*****************************************************************</p> </div> <div style="text-align: center; font-size: 13px;"> <p><b>무슨 일 이니?</b><br>시스템에 고유 한 개인 키가있는 강력한 신뢰할 수있는 알고리즘 RSA-2048 및 ChaCha20을 사용하여 파일이 암호화되었습니다.</p> <p>이 암호 시스템에 대한 자세한 내용은 다음을 참조하십시오. <a href="https://ko.wikipedia.org/wiki/RSA_%EC%95%94%ED%98%B8">https://ko.wikipedia.org/wiki/RSA_%EC%95%94%ED%98%B8</a></p> <p>파일을 복구 (암호 해독)하는 유일한 방법은 고유 개인 키로 암호 해독기를 구입하는 것입니다</p> <p>주의! 우리는 당신의 파일을 복구 할 수 있습니다! 누군가가이 일을 할 수 있다고 말하면 친절하게 그에게 증거 해달라고 부탁하십시오!</p> <p>우리는 귀하의 파일 중 하나를 해독하여 나머지 데이터를 해독 할 수있는 작업 증명 자료로 무료로 해독 할 수 있습니다.</p> <p>개인 키를 사거나 테스트 암호 해독을 위해 이메일을 통해 저희에게 연락하십시오 : 메인 전자 메일 : <br> <u><b>1) E-mail: [email protected]<br>2) E-mail: [email protected]</b></u> <p><u>두 개의 이메일 주소를 모두 적어주십시오</u></p> <p>다른 국가의 법 집행 기관이 항상 몸값 회사에서 사용되는 전자 메일을 압류하려고하자마자 전자 메일 주소를 사용할 수 없을 수도 있으므로 서두르는 것을 잊지 마십시오.</p> <p>지불 할 의향이 있지만 우리를 잘 모르겠다면 전자 메일 주소를 저장합니다. 나열된 주소가 압수되면 우리는 새 주소에서 귀하를 씁니다.</p> <p>아래에 큰 base64 얼룩이 보일 것입니다. 이메일을 보내고이 얼룩을 우리에게 복사해야합니다. 
클릭하면 클립 보드에 복사됩니다.</p> <p>복사하는 데 문제가 있으면 현재 읽고있는 파일을 첨부 파일로 보내주십시오.</p> <p>Base64 :</p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip"><span class="tooltiptext">복사하려면 여기를 클릭하십시오</span></p></div></td><td style="width: 25%; text-align: right;"> </tr></table> </body></html>
Emails

[email protected]

[email protected]

MITRE ATT&CK Enterprise v15

Tasks