General
-
Target
2b823bdd7fdb99412d296964f9086263fce83736a0c1e896543317c33ad7c443
-
Size
1.5MB
-
Sample
240816-wz1peszamg
-
MD5
2a52660288975cfc87c5a99318cdb522
-
SHA1
d9cb0ef5f41b6d7d31739165b7ee138c4e35fec5
-
SHA256
2b823bdd7fdb99412d296964f9086263fce83736a0c1e896543317c33ad7c443
-
SHA512
65eebc47e3261348f0298fe904bb940bf76ee08dde10c6f14e65cec43f29c1ac4410d022f67a856b9aaa32133ce3b156c7b4d197bce4645d4870a5d99a3242bc
-
SSDEEP
24576:KFd6j5mXEntZbPyAL3fXZxrb0STA1WaxVRmGrBplgSHt7htHORjJu6/:I6jJnfzDfXZNb0STA1PmGrlgSPtAdu6/
Behavioral task
behavioral1
Sample
c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40.dll
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40.dll
Resource
win10v2004-20240802-en
Malware Config
Extracted
agenda
-
company_id
feGDg5BHWw
-
note
-- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: feGDg5BHWw Domain: e3v6tjarcltwc4hdkn6fxnpkzq42ul7swf5cfqw6jzvic4577vxsxhid.onion login: _RgxgvCfv_3rQI5oinfr9gj5JS6_AGP7 password:
Targets
-
-
Target
c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40.dll
-
Size
2.7MB
-
MD5
88bb86494cb9411a9692f9c8e67ed32c
-
SHA1
82f8060575de96dc4edc4f7b02ec31ba7637fa03
-
SHA256
c26ce932f3609ecd710a3a1ca7f7b96f1b103a11b49a86e9423e03664eaabd40
-
SHA512
670acd30005be75bbced78a505b4f0ded7f39cb4f4d55f9b09f31964d20bebb62908d40da4c9a103c87e83f4b31e0435ffd9ec78ee7a585c216e5551e0c67ebb
-
SSDEEP
49152:MxmXXxQjiQspGXtwB0pnkF7TosNjLSq6Pq3Ecv9dsiPTg3pg:DQeQVmB0pni7TosNKq6adsi
Score10/10-
Agenda Ransomware
A ransomware with multiple variants written in Golang and Rust first seen in August 2022.
-