General

  • Target

    tmpqfwx9syv

  • Size

    5.0MB

  • Sample

    240823-ljpxwayfrj

  • MD5

    0d68a310f4265821900249bec89364c2

  • SHA1

    2981343bfd2db38e236c0b70c2a6cd924c49b0ab

  • SHA256

    6316417fcd979c39a4da672ba3521f62081ff4dfebb868ef65a1f2dff9a738ea

  • SHA512

    445493f86e4027bceee53112414160c08e441d04ea899559effc05c923e83b6635b048731d3f2891f35fc87bd32dc47e221178db8675278ebee1586911c4c4df

  • SSDEEP

    98304:a8DAoC0H2dy/u87jwP0xuy+Ccv8HxYRWpgzh5euFMjQIDgYodZHoyVHmzDZN3sGw:a0WyzcOuy+Ccv8HxYRWpgzh5euFMjQIc

Malware Config

Extracted

Family

agenda

Attributes
  • company_id

    CcXB9wE4s7

  • note

    -- Qilin Your network/system was encrypted. Encrypted files have new extension. -- Compromising and sensitive data We have downloaded compromising and sensitive data from you system/network If you refuse to communicate with us and we do not come to an agreement, your data will be published. Data includes: - Employees personal data, CVs, DL , SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... -- Warning 1) If you modify files - our decrypt software won't able to recover data 2) If you use third party software - you can damage/modify files (see item 1) 3) You need cipher key / our decrypt software to restore you files. 4) The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. -- Recovery 1) Download tor browser: https://www.torproject.org/download/ 2) Go to domain 3) Enter credentials-- Credentials Extension: CcXB9wE4s7 Domain: q2ftkbd2n7nire22uf7gwtrpcznppv56ti4ydgpoi4vunjl2tkkjvvqd.onion login: ABDbpJP07yoRoPv7-sMCyx6Tt-fyK7dj password:

rsa_pubkey.plain

Targets

    • Target

      tmpqfwx9syv

    • Size

      5.0MB

    • MD5

      0d68a310f4265821900249bec89364c2

    • SHA1

      2981343bfd2db38e236c0b70c2a6cd924c49b0ab

    • SHA256

      6316417fcd979c39a4da672ba3521f62081ff4dfebb868ef65a1f2dff9a738ea

    • SHA512

      445493f86e4027bceee53112414160c08e441d04ea899559effc05c923e83b6635b048731d3f2891f35fc87bd32dc47e221178db8675278ebee1586911c4c4df

    • SSDEEP

      98304:a8DAoC0H2dy/u87jwP0xuy+Ccv8HxYRWpgzh5euFMjQIDgYodZHoyVHmzDZN3sGw:a0WyzcOuy+Ccv8HxYRWpgzh5euFMjQIc

    • Agenda Ransomware

      A ransomware with multiple variants written in Golang and Rust first seen in August 2022.

MITRE ATT&CK Enterprise v15

Tasks