Overview

overview

10

Static

static

10

eb82946fa0...12.exe

windows7-x64

10

eb82946fa0...12.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    448f1796fe8de02194b21c0715e0a5f6.bin

  • Size

    94KB

  • Sample

    240626-cx4thszaqa

  • MD5

    b8916e7d84dc09c81075443caae03e66

  • SHA1

    518bfbb08f5bc0f7b33b108ed470a66c74ef7332

  • SHA256

    abc998463e6dbdd889ec75385734fd52e82c1c7d050335ad6ceaf4970538667f

  • SHA512

    6c5cd03163c94e103130f88f785200ad784cd78587ac118bda399c2ecb2486f014ec41d4cb49d6c68c3eec6c8ea745bef338abc111741c68dcf8907fcc5d0aa9

  • SSDEEP

    1536:G9g2luKtnuAyzupkMuDE+hS+tB4CkNNNgzTHSdmXG6ca0JfmE3TtK0WyoOFiH:agedk92VT2SMXGXa0j3MTOFiH

Score
10/10
lockbitransomwarespywarestealer

Malware Config

Extracted

Path

C:\sYMY1N6ah.README.txt

Ransom Note
*** Welcome to Brain Cipher Ransomware! *** Dear managers! If you're reading this, it means your systems have been hacked and encrypted and your data stolen. *** The most proper way to safely recover your data is through our support. We can recover your systems within 4-6 hours. In order for it to be successful, you must follow a few points: 1.Don't go to the police, etc. 2.Do not attempt to recover data on your own. 3.Do not take the help of third-party data recovery companies. In most cases, they are scammers who will pay us a ransom and take a for themselves. *** If you violate any 1 of these points, we will refuse to cooperate with you!!! 3 steps to data recovery: 1. Download and install Tor Browser (https://www.torproject.org/download/) 2. Go to our support page: http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion 3. Enter your encryption ID: M8AL5cWJEU5CnMMPwCdt4x9NVn0ZY2uNtIgnKwkDJwdPbnanVROYFzGmgUCImexTGDmINYgSZXdlhM7D199lNMb294TGY2 Email to support: [email protected]
URLs

http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion

Targets

    • Target

      eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12.exe

    • Size

      147KB

    • MD5

      448f1796fe8de02194b21c0715e0a5f6

    • SHA1

      935c0b39837319fda571aa800b67d997b79c3198

    • SHA256

      eb82946fa0de261e92f8f60aa878c9fef9ebb34fdababa66995403b110118b12

    • SHA512

      0b93b2c881b1351ff688089abf12bbfcff279c5d6ca8733d6d821c83148d73c85cfedf5ab5bc02c2145970124b518551db3a9fc701d8084f01009ae20f71a831

    • SSDEEP

      3072:l6glyuxE4GsUPnliByocWep0yjEJ3hDRMK89nB2:l6gDBGpvEByocWeebbMjV4

    Score
    10/10
    ransomwarespywarestealer

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks