4e7db8c290d280ce238b3ccc7e46e76b3f1413b114250819879f13cccfc74d78

General

Target

SecuriteInfo.com.Heur.Ransom.Imps.3.6527.6272.exe
Size

13KB
Sample

240714-tzs88sybjp
MD5

d9c6f876be8e6ca42e876475c616b416
SHA1

bdd3d39b6a7f01dbdcceaa21e413e274522d759a
SHA256

4e7db8c290d280ce238b3ccc7e46e76b3f1413b114250819879f13cccfc74d78
SHA512

69dcff8daee6da53179faf8b3bc4df5ddc72f8b0c5634bf86b7099f4d5f20dd94bb823a352c56788dba3205c3849f155692051eb98ff42baf1f94258c6518a75
SSDEEP

192:NsO//ItyyXP7j9VLs2Wc8vkYcV6qU2FJFEs2+:NsE/KZVQ2Wc6kYcV6qUiJFnh

Score

10^/10

ransomware

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\README.txt

Ransom Note

You became victim of the keygroup777 RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the telegram page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: register a bitcoin 300$ @keygroup777Rezerv1 bc1qqlwuhksw3xfuug055acl7qgr8uz5l7m9qm9vcn . 2. register a bitcoin wallet : https://bitcoin-wallet.org/ru/ https://bitcoin-wallet.org/ru/ 3. Enter your personal decryption code there: e5Pc4P8WjF35 URL:https://keygroup777.github.io/keygroup777/ https://ababa1ds.github.io/keygroup777/

URLs

https://bitcoin-wallet.org/ru/

https://ababa1ds.github.io/keygroup777/

Targets

- Target
  
  SecuriteInfo.com.Heur.Ransom.Imps.3.6527.6272.exe
- Size
  
  13KB
- MD5
  
  d9c6f876be8e6ca42e876475c616b416
- SHA1
  
  bdd3d39b6a7f01dbdcceaa21e413e274522d759a
- SHA256
  
  4e7db8c290d280ce238b3ccc7e46e76b3f1413b114250819879f13cccfc74d78
- SHA512
  
  69dcff8daee6da53179faf8b3bc4df5ddc72f8b0c5634bf86b7099f4d5f20dd94bb823a352c56788dba3205c3849f155692051eb98ff42baf1f94258c6518a75
- SSDEEP
  
  192:NsO//ItyyXP7j9VLs2Wc8vkYcV6qU2FJFEs2+:NsE/KZVQ2Wc6kYcV6qUiJFnh
Score

10^/10

ransomware
- Drops file in Drivers directory
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

3

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Drops file in Drivers directory

Checks computer location settings

Drops startup file

Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2