General

  • Target

    Telegram.lnk

  • Size

    1KB

  • Sample

    240718-k1t3gs1grq

  • MD5

    f41af6e5d14c7c68a9a3093d709579a6

  • SHA1

    ee2548e831fb3a16f980c16992acfc4411afa1a5

  • SHA256

    85e3c92814e9abdbf40c9161e51fe7b141eba071e3419da242c7b9608ee6f81d

  • SHA512

    afc297dfbd93f7a33222bca486bc7cf87feb73156ecdb1c9ec85a4c6b6d9aac83583c68727a01178adf792e6a0c30e5d9c58a924cf275f5f9578613754866d0e

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\Telegram Desktop\Май7\[GT]45.183.221.3\Important Files\Desktop\BACKUP ELI MORALES 151223\DOCUMENTOS\bQ8ODxIi2.README.txt

Ransom Note
~~~ AlphaCat ~~~ >>>> Your data are stolen and encrypted >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack worldwide and there is no dissatisfied victim after payment. >>>> You need contact us via email with srenshot of btc transaction and your personal DECRYPTION ID Contact via Email with your personal Decryption id !: [email protected] Send 400$ (0.006 BTC) at this address --> bc1qkr7wxuqwet9w6920vk94p7npkxh33fc7prv55q >>>> Your personal DECRYPTION ID: D53F15BF767167BCBEBFBFBFBFBFBFBF >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems! >>>> Warning! If you do not pay the ransom we will attack repeatedly again!

Extracted

Path

C:\Users\Admin\Downloads\Telegram Desktop\Май9\ES_85.251.25.209_09-05-2024\Files\desktop\CAJA DE PANDORA\OPOSICION\Oposiciones Auxiliar SAS\_openme.txt

Ransom Note
---------------------------------------------- ALL YOUR FILES ARE ENCRYPTED ----------------------------------------------- Don't worry, you can return all your files! All your files documents, photos, databases and other important are encrypted with strongest encryption and unique key. The only method of recovering files is to purchase decrypt tool and unique key for you. This software will decrypt all your encrypted files. What guarantees do we give to you? You can send one of your encrypted file from your PC and we decrypt it for free. But we can decrypt only 1 file for free. File must not contain valuable information. You can download video overview decrypt tool: https://www.sendspace.com/file/1sg7f3 Don't try to use third-party decrypt tools because it will destroy your files. Discount 50% available if you contact us first 72 hours. --------------------------------------------------------------------------------------------------------------------------- To get this software you need write on our e-mail: [email protected] Reserve e-mail address to contact us: [email protected] Your personal ID: 024Dw3Onq6xTwFclMVM5sogt0Cj4rW1ErmiXp6lQdTJ

URLs

https://www.sendspace.com/file/1sg7f3

Targets

    • Target

      Telegram.lnk

    • Size

      1KB

    • MD5

      f41af6e5d14c7c68a9a3093d709579a6

    • SHA1

      ee2548e831fb3a16f980c16992acfc4411afa1a5

    • SHA256

      85e3c92814e9abdbf40c9161e51fe7b141eba071e3419da242c7b9608ee6f81d

    • SHA512

      afc297dfbd93f7a33222bca486bc7cf87feb73156ecdb1c9ec85a4c6b6d9aac83583c68727a01178adf792e6a0c30e5d9c58a924cf275f5f9578613754866d0e

    • Gandcrab

      Gandcrab is a Trojan horse that encrypts files on a computer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v15

Tasks