General

  • Target

    2024-09-25_c8ececb7cd83b938712e63f9e96e6f6c_espilon-red_snatch

  • Size

    2.6MB

  • Sample

    240925-b2xqbszfle

  • MD5

    c8ececb7cd83b938712e63f9e96e6f6c

  • SHA1

    942597cd5e7b61721dc516793e7510580757c587

  • SHA256

    96b3bcce3280a16131ef6de01f65bdc69314a7d86477321e8bb944d2fb6ff603

  • SHA512

    ca9f3d13ae0c043d87ca3ab505c12dec2656ef71c05737f24a3483f9d3619cb9837a36faf71b614b77169e3486057228ba2a4e3920385cabe830033a2395a9f9

  • SSDEEP

    24576:LbA9MGiVwmIPOaq6EUWOk/vNKj1xzb6gPvsFjG4/owGkE1Pj:yriVNI2aq6EUdkHNKjTGckowGkE1

Malware Config

Extracted

Path

C:\temp\important.txt

Ransom Note

===============================================
| 重要通知 - 重要通知 |
===============================================
你好,尊敬的用户,
我们已经成功侵入你的系统,并对你的文件进行了强力加密。你数据库和其他重要文件都已被锁定,无法访问。
为了解锁你的文件,你需要支付赎金。我们采用匿名的支付方式,即比特币。以下是支付细节:
支付金额:5 BTC(比特币)
充币网络:BTC-Bitconin
比特币地址:3PztoCUcREzAhVhTwKT1hf2ManFP3eQQJC
请在下面的比特币地址中支付赎金。一旦支付完成,你将收到解密密钥,并能够恢复你的所有文件。
倒计时:你有 72 小时来支付赎金。一旦倒计时结束,解密密钥将永久失效,文件将无法恢复。
==================== 警告 =====================
如果你尝试解密文件或与当地执法机关联系,你的文件将被永久销毁,并且你将失去所有数据。
为避免不必要的损失,请遵循我们的指示支付赎金。
联系我们:[email protected]
===============================================

===============================================
| Important Notice |
===============================================
Hello, dear user,
We have successfully infiltrated your system and encrypted your files with strong encryption. Your photos, documents, databases, and other important files are now locked and inaccessible.
To unlock your files, you need to pay a ransom. We prefer an anonymous payment method, namely Bitcoin. Below are the payment details:
Payment Amount: 5 BTC (Bitcoin)
Bitcoin network:BTC-Bitconin
Bitcoin Address: 3PztoCUcREzAhVhTwKT1hf2ManFP3eQQJC
Please pay the ransom to the Bitcoin address provided. Once the payment is complete, you will receive the decryption key and be able to recover all your files.
Countdown: You have 72 hours to pay the ransom. Once the countdown expires, the decryption key will permanently expire, and your files will be unrecoverable.
==================== Warning =====================
If you attempt to decrypt the files or contact local law enforcement, your files will be permanently destroyed, and you will lose all data.
To avoid unnecessary losses, follow our instructions to pay the ransom.
Contact us: [email protected]
===============================================
Emails

联系我们:[email protected]

[email protected]

Wallets

3PztoCUcREzAhVhTwKT1hf2ManFP3eQQJC

Targets

    • Target

      2024-09-25_c8ececb7cd83b938712e63f9e96e6f6c_espilon-red_snatch

    • Size

      2.6MB

    • MD5

      c8ececb7cd83b938712e63f9e96e6f6c

    • SHA1

      942597cd5e7b61721dc516793e7510580757c587

    • SHA256

      96b3bcce3280a16131ef6de01f65bdc69314a7d86477321e8bb944d2fb6ff603

    • SHA512

      ca9f3d13ae0c043d87ca3ab505c12dec2656ef71c05737f24a3483f9d3619cb9837a36faf71b614b77169e3486057228ba2a4e3920385cabe830033a2395a9f9

    • SSDEEP

      24576:LbA9MGiVwmIPOaq6EUWOk/vNKj1xzb6gPvsFjG4/owGkE1Pj:yriVNI2aq6EUdkHNKjTGckowGkE1

    • Modifies WinLogon for persistence

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops file in System32 directory

    • Enumerates processes with tasklist
