Overview

overview

10

Static

static

10

3f843cbffe...73.exe

windows7-x64

10

3f843cbffe...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673.exe

  • Size

    127KB

  • Sample

    240820-hmyseaybph

  • MD5

    1f6297d8f742cb578bfa59735120326b

  • SHA1

    ff6eca213cad5c2a139fc0dc0dc6a8e6d3df7b17

  • SHA256

    3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673

  • SHA512

    f9ade063be2ae5861248472aff857b2e0506d4705ff779972ade7482bb7797521338dd9a842f048d5ba1697719b22a3ba596370c37f4352a2527dbe1997edfd1

  • SSDEEP

    3072:AJ+vDJMMKvaJw4N7JPohaNviHZoJ8J58:AIDmMKCJwc7JPoYNvf

Score
10/10
targetcompanydefense_evasiondiscoveryevasionexecutionimpactransomware

Malware Config

Extracted

Path

C:\Program Files\RECOVERY INFORMATION.txt

Ransom Note
YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: [email protected] YOUR PERSONAL ID: B888113B07CB �

Extracted

Path

C:\Program Files (x86)\Microsoft\Edge\Application\RECOVERY INFORMATION.txt

Ransom Note
YOUR FILES ARE ENCRYPTED !!! TO DECRYPT, FOLLOW THE INSTRUCTIONS: To recover data you need decrypt tool. To get the decrypt tool you should: 1.In the letter include your personal ID! Send me this ID in your first email to me! 2.We can give you free test for decrypt few files (NOT VALUE) and assign the price for decryption all files! 3.After we send you instruction how to pay for decrypt tool and after payment you will receive a decryption tool! 4.We can decrypt few files in quality the evidence that we have the decoder. CONTACT US: [email protected] YOUR PERSONAL ID: A580BA51E8E4 �

Targets

    • Target

      3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673.exe

    • Size

      127KB

    • MD5

      1f6297d8f742cb578bfa59735120326b

    • SHA1

      ff6eca213cad5c2a139fc0dc0dc6a8e6d3df7b17

    • SHA256

      3f843cbffeba010445dae2b171caaa99c6b56360de5407da71210d007fe26673

    • SHA512

      f9ade063be2ae5861248472aff857b2e0506d4705ff779972ade7482bb7797521338dd9a842f048d5ba1697719b22a3ba596370c37f4352a2527dbe1997edfd1

    • SSDEEP

      3072:AJ+vDJMMKvaJw4N7JPohaNviHZoJ8J58:AIDmMKCJwc7JPoYNvf

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionimpactransomware

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Renames multiple (6819) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks