General

  • Target

    2024-06-27_ea33f1fc03d9dd63498e0e8fc65bf5b7_darkside

  • Size

    146KB

  • Sample

    240627-fb518ssgmd

  • MD5

    ea33f1fc03d9dd63498e0e8fc65bf5b7

  • SHA1

    7a52ee60bf304ce6856ac5314b177c73d5dd66c0

  • SHA256

    e8844c1a0ade5019aea7d0c765fe9e9f0c3218ba1ac1280d65600da74f99cab0

  • SHA512

    1aed751359f5b84c826ccce314ee62042c916792e3036f6c68431694e25cce55eadbbb83767030c4e97542a3454764cca7423cf48ab33f1fdf7e387a3ed9dfbb

  • SSDEEP

    3072:sqJogYkcSNm9V7DXqZRAai16/qJcfgzT:sq2kc4m9tDaZekg

Malware Config

Extracted

Path

C:\0ipW5kxxq.README.txt

Ransom Note

>>>> Your data are stolen and encrypted
>>>> Your personal DECRYPTION ID: 6746CCA3A77DBDF97BE3E4BAF3B0E083
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
>>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> You need contact us and decrypt one file for free with your personal DECRYPTION ID message us for decrypt https://getsession.org/ 05abfaffce7c1bf1d7cfcd6a160dbbbe7fd7c24b935e68282c43a30b28cea7d52f

URLs

https://getsession.org/

Extracted

Path

C:\0ipW5kxxq.README.txt

Ransom Note

>>>> Your data are stolen and encrypted
>>>> Your personal DECRYPTION ID: 6746CCA3A77DBDF953BCC43B254EF3C7
>>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
>>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!
>>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
>>>> You need contact us and decrypt one file for free with your personal DECRYPTION ID message us for decrypt https://getsession.org/ 05abfaffce7c1bf1d7cfcd6a160dbbbe7fd7c24b935e68282c43a30b28cea7d52f

URLs

https://getsession.org/

Targets

    • Renames multiple (337) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks