Resubmissions

25-06-2024 12:19

240625-phcgyayhqe 10

28-11-2021 04:49

211128-ff255sfhgj 10

General

  • Target

    e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

  • Size

    128KB

  • Sample

    240625-phcgyayhqe

  • MD5

    99e949ddd57dbc19457eba5f235516f3

  • SHA1

    99f9270e85ec53b8dada459279d30e8b169462c1

  • SHA256

    e351d4a21e6f455c6fca41ed4c410c045b136fa47d40d4f2669416ee2574124b

  • SHA512

    4b4746c6d23be8d445876e5e6931d48ebbac8eca6c4ad545b6dc94c400f768df87ad03984c1c83a7e7d0225fd8cdd6305e4f7ef4d580378b42424288def7fa41

  • SSDEEP

    3072:pfco6OkRGbNsjjZviLhrafY1Cv95dzo5:pf6OwGBs3Z6LhrqYGNzo

Malware Config

Extracted

Path

C:\Program Files\DVD Maker\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: BRD454A21JS

All files on BRG Precision Products network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. In addition, we downloaded about 100 gb of data from your network. We will publish the data if you do not negotiate with us.

FAQ

Q: How to contact us
A:
* Download Tor Browser - https://www.torproject.org/
* Open link in Tor Browser http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact
* Follow the instructions on the website.

Q: What guarantees?
A: Before paying, we can decrypt several of your test files. Files should not contain valuable information.

Q: Can I decrypt my data for free or through intermediaries?
A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.

URLs

http://eghv5cpdsmuj5e6tpyjk5icgq642hqubildf6yrfnqlq3rmsqk2zanid.onion/contact

Targets

    • TargetCompany, Mallox

      TargetCompany (aka Mallox) is a ransomware family that encrypts files using a combination of ChaCha20, AES-128, and Curve25519; it was first seen in June 2021.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Renames multiple (6841) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
