targetcompany | 26d9af84cabb56e8755bb9b8fdeb70f731afbb1da70c543effc63450e9a13018

General

Target

26d9af84cabb56e8755bb9b8fdeb70f731afbb1da70c543effc63450e9a13018
Size

1.4MB
Sample

240826-w8mh6azfqp
MD5

bfea7bb766ed582c9ab1c2d510c7515f
SHA1

f7d4c015b49dc50c973498d1c139fbc63c108aa1
SHA256

26d9af84cabb56e8755bb9b8fdeb70f731afbb1da70c543effc63450e9a13018
SHA512

2b77df777a85fdaf826bbbe0436a95e1e3bf503e02e137065a2a56dbd0be531dafb7527080a5c7e38ef0aa0938d0e9ddd1574c9118dc8c101771b56fd5ef0f81
SSDEEP

24576:htcnuAVrmmby7CVRpLoJahQXuxvMsYMMZ9lOFyRyubGEEW1OIfuhFosCKYf:AnuAAOK7Xa0s4ZXOkRyupEW1v2hFosO

Score

10^/10

Malware Config

Extracted

Path

C:\$Recycle.Bin\How to decrypt files.txt

Family

targetcompany

Ransom Note

Your personal identifier: TIF3MW2QALL All files on Take It For Granit, INC. network have been encrypted due to insufficient security. The only way to quickly and reliably regain access to your files is to contact us. The price depends on how fast you write to us. In other cases, you risk losing your time and access to data. Usually time is much more valuable than money. FAQ Q: How to contact us A: * Download Tor Browser - https://www.torproject.org/ * Open link in Tor Browser http://w3nrsbh4n35dkujnho3yiv5ocntimv5nb3jg5fggvgw3dwrzdnmtlaqd.onion/TIF3MW2QALL * Follow the instructions on the website. Q: What guarantees? A: Before paying, we can decrypt several of your test files. Files should not contain valuable information. Q: Can I decrypt my data for free or through intermediaries? A: Use third party programs and intermediaries at your own risk. Third party software may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price or you can become a victim of a scam.�

URLs

http://w3nrsbh4n35dkujnho3yiv5ocntimv5nb3jg5fggvgw3dwrzdnmtlaqd.onion/TIF3MW2QALL

Targets

- Target
  
  352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a
- Size
  
  2.6MB
- MD5
  
  c1227e81e0fb3339d0aa7b039758f6bc
- SHA1
  
  07e72d41e6fc806a5153138eb4aef0c969022ecb
- SHA256
  
  352f00d2c53b14d500cc182b1e14954df25a6ff9171b50aacd4a981ebe03246a
- SHA512
  
  9c714ff05ecc51eabe5239fcac65d8e21e3bd84a743d27a9fb9f70b4a0d244978fc18f41a6c713f870886c793963ea089c4ac3fe19a2e4a2feb7dd5339b03467
- SSDEEP
  
  49152:pLgNjaYPW2p7+m5zx21dXIMHPnxYTIFtfy//mghqI6MAmTZiuRySfa8GIBbE:pL0xPGdaMFe5faSbE
Score

1^/10
behavioral1 behavioral2
- Target
  
  db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe
- Size
  
  125KB
- MD5
  
  b13a1e9c7ef5a51f64a58bae9b508e62
- SHA1
  
  e232747c02b5cab0a414190a0d8438f5be042000
- SHA256
  
  db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe
- SHA512
  
  3f42f81505693089dc2595976c523f1568aee6cbe2565ba16b3e4b43a06b2533b4f2c63ba90afc2637380a32fbc5dd09b70e84ff932fe90482e0da84c0571afe
- SSDEEP
  
  3072:GA1PPaKgKdZqTXKopLuLgdgjgVE0e95NlmD:G6CKg8ZqTvpyLgd0gVqdE
Score

10^/10

targetcompany defense_evasion discovery evasion execution impact ransomware
- TargetCompany,Mallox
  TargetCompany (aka Mallox) is a ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
  ransomware targetcompany
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Modifies boot configuration data using bcdedit
  ransomware evasion
- Renames multiple (6846) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral3 behavioral4