General

  • Target

    464622890dea3c326440b7d1f6da9f63dd2dfd98678965aa220ed62773a2cc70.exe

  • Size

    124KB

  • Sample

    240726-dhwp2asdrq

  • MD5

    0cb2bee8074cb07353243e43c4bae542

  • SHA1

    b28849ca5af421be4110b75e4c6c1b562c3153f0

  • SHA256

    464622890dea3c326440b7d1f6da9f63dd2dfd98678965aa220ed62773a2cc70

  • SHA512

    75795f8a605b47a8c209be8e60e706bf45ce1d16d1bdbbfaa4b54cdb444069ebf6c93f819f10b5eb741d30643c8f6f614ffdbdf94eb21d91306cd9caca52880c

  • SSDEEP

    1536:SIFyccBbsMA0fi5WU7kmysp4COVICS4A6vTNKZETNA28V5/Ogsck:g1ffUjyobkvTNKZETNF8V8v

Malware Config

Extracted

Family

sodinokibi

Botnet

$2a$10$PRliCdjvILpWha0dXt26COEfG3S.LFJG/H9fqsY0uepzhaO43cC36

Campaign

3665

Decoy


Attributes

  • net

    false

  • pid

    $2a$10$PRliCdjvILpWha0dXt26COEfG3S.LFJG/H9fqsY0uepzhaO43cC36

  • prc

    visio

    CagService

    VeeamTransportSvc

    dbsnmp

    msaccess

    bedbh

    DellSystemDetect

    encsvc

    VeeamDeploymentSvc

    steam

    mydesktopqos

    sqbcoreservice

    dbeng50

    mydesktopservice

    firefox

    outlook

    tbirdconfig

    raw_agent_svc

    ocomm

    pvlsvr

    isqlplussvc

    sql

    ocautoupds

    thunderbird

    excel

    synctime

    EnterpriseClient

    wordpad

    bengien

    vsnapvss

  • ransom_oneliner

    All of your files are encrypted! Find {EXT}-readme.txt and follow instuctions

  • ransom_template

    ---=== Welcome Massive Prints. ===---

    [+] Whats Happen? [+]

    Your files are encrypted, and currently unavailable. You can check it: all files on your system has extension {EXT}. By the way, everything is possible to recover (restore), but you need to follow our instructions. Otherwise, you cant return your data (NEVER).

    [+] What guarantees? [+]

    Its just a business. We absolutely do not care about you and your deals, except getting benefits. If we do not do our work and liabilities - nobody will not cooperate with us. Its not in our interests. To check the ability of returning files, You should go to our website. There you can decrypt one file for free. That is our guarantee. If you will not cooperate with our service - for us, its does not matter. But you will lose your time and data, cause just we have the private key. In practice - time is much more valuable than money.

    [+] How to get access on website? [+]

    You have two ways:
    1) [Recommended] Using a TOR browser!
    a) Download and install TOR browser from this site: https://torproject.org/
    b) Open our website: http://aplebzu47wgazapdqks6vrcv6zcnjppkbxbr6wketf56nf6aq2nmyoyd.onion/{UID}
    2) If TOR blocked in your country, try to use VPN! But you can use our secondary website. For this:
    a) Open your any browser (Chrome, Firefox, Opera, IE, Edge)
    b) Open our secondary website: http://decryptor.cc/{UID}
    Warning: secondary website can be blocked, thats why first variant much better and more available.
    When you open our website, put the following data in the input form:
    Key: {KEY}
    -----------------------------------------------------------------------------------------
    !!! DANGER !!!
    DONT try to change files by yourself, DONT use any third party software for restoring your data or antivirus solutions - its may entail damage of the private key and, as result, The Loss all data.
    !!! !!! !!!
    ONE MORE TIME: Its in your interests to get your files back.
    From our side, we (the best specialists) make everything for restoring, but please should not interfere.
    !!! !!! !!!

  • sub

    3665

  • svc

    MSSQL

    VeeamTransportSvc

    CAARCUpdateSvc

    AcrSch2Svc

    bedbg

    stc_raw_agent

    sophos

    BackupExecDiveciMediaService

    BackupExecVSSProvider

    VeeamNFSSvc

    CASAD2DWebSvc

    BackupExecAgentAccelerator

    veeam

    vss

    MSSQL$

    MSExchange

    sql

    PDVFSService

    VSNAPVSS

    MVarmor64

    AcronisAgent

    ARSM

    BackupExecRPCService

    VeeamDeploymentService

    svc$

    BackupExecAgentBrowser

    MVArmor

    MSExchange$

    BackupExecJobEngine

    mepocs

Targets

    • Target

      464622890dea3c326440b7d1f6da9f63dd2dfd98678965aa220ed62773a2cc70.exe

    Score
    3/10
