92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb

General

Target

GJecwa34.cpl.exe
Size

873KB
Sample

240925-mh8t2azgnl
MD5

5b2ac6ed9b0830ec7f1c9eb7deb38c66
SHA1

0f1011748dfff6a0d0f0c0b9b8bc045da54080a6
SHA256

92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb
SHA512

d1509fbdf410c943b2df1f05f1ece680dbd45b6090b43985707f6ebccf940cf4d384a235838d75df8f72b688c41fbfc0ef41347dee869de2d7e3dd5aa1da68f8
SSDEEP

24576:QLVxajaoPDR60nXKJxrYUrG/fNfhgsqYREh3TR:Q/b3MNJgsqYRed

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours. Contact us email :[email protected] Attach this file in the email. ID :95FAF0888327EF5BB15492C2A2246410F70549A466625944A2CEA8AB0F918F38DF22644F4631DEC868E1D2871717564B82297ED812122F722D739D51402506238F4D821EF9614CA02D37C37D42E3ABFD4B005F9A51550C627B3FC2B2767B39564C31EB5D090FC973D6A3E4D7339F8AAB75A517A98794BCC9A6762B84C9134DD528422A582BC7627CA5CC59B48059F58A3A9627908E460C133BFA95DA881A8EA19B971C6AA6EF2E9EE24F2AFE8093831AE5B0B0ECC769A9CD6F883819ED007D98C826AB53060C35BD45A80CDB63DBBD1F439411CE7CC59ED24CEEE63D392999D0AE93B191B8944D5C13252771AFC74AC091136353ED41047641A1FA1D7C9F90F32249EA2D9F64BDB7791E0A2E25006E7B0DF4D4CC4F7B0ACA81F0894188206ECD70DB362FB01D6E22ADDCFB9FA2AD1CB990ED1654239C8837510FD4F301716D9C14A30B7A6AEFB75B0BD3089DEE698E1826D208BD22D436EA852E02317DEEEFE6735869553F8ED7EAD28BA782CA14D9FC4879EB9DCCCA248D43FD8432D58109C41719C6C5D297C5BDBAD8E2AB2DC6AC4A522E2685E8A7F4F9EDFB05684B7F8746819F7F13C0AD3C7830421C6806A8DFAEB33F09BCBBE3B78EE82739BA6696F3CC660BE678CD00A57038E53227647DF7CABF7335A49A34C8AF0236921880EFFD3216E3E1001ABE4664DDB7291ADDAD891C9F760EEE34EFBAB4F22D70B1F1E7EF3D3A84B97131E1E32FD37860B2DD334E086F81A629F2762C9BDDF710A65346C8E4BED15E0C895D346AC2EB1BC33982741359C5C79FD067D884D813EEB7CEDD873187075DBFA679CF1E9D4DCF3BA1B2F685805420047C2D7CE9E77E7356AF46E5FA32FC8DA2B924B9C2F784DF9D235C7FE9758842649FA2109CB2648CFD00C3A390D078B5E3D74AA3FE093B077ABD063F87D44020E4449BA30AF42E4023DD86A7F36AEBE2F6A955BBF938B891F9869968F3E2DA9DF999AF740380E507FE70742D08E9C5D030F63C39927205F639165D18C5E7319E79B80189EDB8136EC282C963B26B6088C6DF241CC9565F4A3557CAB6A673CD91924444465D34BD5F4DD245AF72C0CF84261B7E45548623365593D7EDD5731451B172668BDBE3B9ECA8B934F05F9E2A7EE0285A2549EB7162B9B49EC071BA8CD77EC479F944D067140DF6AA399AA38FCA3AA61E58D9364C3D1248B63AF489A3A504B62D3CC0269EFFF369D6CB999ED34F8F594C018EDCF8E1916A8FAD7D764382A048BDB9AF09007DE6F70C4C3B39BCA19858C746F7E29EE822304678998C1931FF45CE88A47CA1286E3848349DE71F35131AD411B7BD109A985576D94B2A162D04601ACF3C3AF10155E45AC1115942123814D79E42D50DE62AAFF8F4584284C60C11F1C5EEBE82659525EA5EDF0B292AC60DEB9EB3EC4574E2233BFE4CF3443A9FF3ECB4814B3A6C867A9950F0FAEF8A9E4E9EEA3D3FAF64526E7412D291A125B71DC8F134E5EB5F86E598AB5535D91FC7359C9056B3288DF9E6C7699AB7465ABCE62D6419BC7C4D5D1BD3F28F3927BDE50DFF486AF07E5E0199758B8E7595AD084B2A8FD4ECBA2006E8F50330D2D49AFCC59148AE36042152CDC952BF1A25EDE11B2FDCAABDCBD5D50A28A41D6C4067B0595403E5FCF11BBAA33A8F65525A5A7D424F1126A6CB6D8E960DF3A41E7F5238FC2225E2B685D016AF0EC17F373AFB67AA1BF7096208850EEE369D084D11D6CFD55F50D55BC0376ACD2D755AD0CA557B078F96B6CF85AB529F60C3128D9502C497E1E66B8B3412CCDAFC7A9ACD42B572C0286CC733E46ED4059BCDFA96A72D44EFDBF6F52D78C013DA3A58017F6504DF5C8DDFF3DAD38FA23DD57A83E78B58FC8A6A75F4C579FC759A11885DD70BE029C7894EF5A6D23B31C1B8B55A8C146309ED24A41968AF18E3F5496307C73F3E08F829DA11879A50CD81AE0BB41303BA4E73B7536071F7D8629DCA7DC8466FBED82A3D33E2AD6582D8FE706BB1B5E283219923C283BCC00F44EC5792A01FA5B1A8AE400F0BB525AAA16E32F3B69389DCE536A155D4E61C957239BE84DB0DB7C1FF6FBA33AE9E1E8C157D728108A046B0493315324621D89290247D5E7C74589AEDCE66B31D54FC6AEA8E73FB1798CCCEFA37D23EBD3E31F62E0E5E285D5C89BB4A1119D3F54354251CC956268828FE1D6F2FFA4FC4B934CDFD0F829B5E6BAF0767DFA1183D5C69C90561D5DF2D0745BBE5D5AECB5FA7048BF41940EB7F9151E67A62138092B96EC62D16F12A9487035562357559DE48C9B7A75C1B7900030AAA3A6647603B4E384200A4431D50A2DB1F03D47181FC65FC45034CF6E4C8B25A2BAAABCFDE4DCE6D0FB898840298A9D1411848AC76E73DA69B

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours. Contact us email :[email protected] Attach this file in the email. ID :145350623DF0E8290DCC47DEA7287DE6A4FB74F4FD027899F1EF570ABB371F4BA2EE747868A2E2E8CBE7892986C0CC2C6FF8D59815AA7837AAC7B9923087C534056F836EE793FBF9131F1C0DDCD0F501CFEAE533C09FD3E6C888608A47BF282AD37A100B27579C539055E6B4CBCDFBB7B445E1CA7F908FDBD07B87E500179FF743973F111E5A36DDB237C11D39F809C83068BB6E5CF1573C75CC326A26AC1063E5F5EAD4170C44371320356CF4C476BC1BB239959D801F90BA190FFCCCA2851EB8CB67162B435ED810C8BFD35D776457CEA485BC561C6A097F3445E562B9287CD673589FF2F5CFCBB9E6D25EFB44E92E4592B6FC07968C9298959DDE75982DBEB4F0A3BD8BCD1BEBEE980956D7F0D431AF262AF9908AFD3D150E45A64BE0CACAB1D8DFE3AD280DB00AE94DC862DDA62D873E63F31DC7BD97219D959601B0F03B1B6D9871F5889F1DFC512BF7554EF460C6CB77166399B513DCCBE73B96E0947AB8F9622C7CCFF7E121DF40115616E3382E1DFD0479796D08A0E1049013DC8853BD743735CE50A7CA47163AD796F34EDB453B20CC2A8D7FD93FCC7B7624CB58312B6C0D3DD9344966AF4E46E7110BC3AB94B569534633649EF9145DC8EC73E58CAF2F8F71A423AF16F6F6FF31C7F4E1CF7D65D8187E4A44E2C7BC5848F7D6D8A237FB0FBE950A07F22B602197313B403C8C781C2C43FFC1726F0A4C3C6C3116C882790FEA66B02585DEE19F3E682F4CB8D1EA489F43E62612B247DB8D3137FF328909F23D64BC0BE7560B2F6A12961B0D462F6EB3CE22A2A914C2CA08322574E101121D20F251658E2ABCC3055A45CD5A1E773224BC6A012832714DEB43009A4A1DCDD9E89BA259ABD703ACC95EACFD1F2258BB987179022A614807ED3C6A9D6575A77AE4A044427C07D5FB412C75703E8F71A1E242F0FB101B56CBC64965E79520AF8D98D3851D96354B32E93F7D49B43308F1283F68E44F82D1DD5CC68D19DF5193EBEE18C3C8F9E4B50FAAC6C916275569BCA7AABC12954DB91DF0EF605B3E3CAAD83FF3F64AA53E7D44946D2E82577F07B2CA4DEAFCD22BF234F62A2083664099C798DADA2AD99165FEE3CDF02AD3C930C1BA429960F073587244E59A1A5D30E5C59D955A02A400FCFEADE393DE3C19BFD6546D73661540304F98EE49F5C1F2D72DFB86F9EA25217AFB18980828DAD1B51D54F0F2932696E5B1197634725F7F9D0D662FE147D4BF1F13C33269DC37B7FBBF28A9BC0DE90F3112A6EBCA6423D807407130842D3E52B692DBF14415578DFB08CB17F02BAC555107BA4D8C3ACF044CB1E22456B8CDA7429F8DCBD44E6CC3D48AAF099160915BA3ED0D07868A228EE958114B8A4E9BB794E0AEE1865289239911E916CF04EBC5D592E78EAD5473FDD2B66266585D4A4EEDD58E47EFF8543CA2A0D86ED9FA46FA599F64F3C73B5A689AA7658AAA8BD360604CD45290FE23280DC6CEE380250DEB47649FC31AC16D463BDF0ED15082F002AB7CD08BF2DBEE40B8100A9DF4F7E51A4D57014A13B38FB48D8EF9F324898DC36A073FD5A2CD6BA63598149FDA986464ECA313EA05D2A5CF818F956DFD678982AEBF0FED86CE09369CB80E149242D493F13CC514679B5CBC1F978A0C91785BB5878DE6978BDE2A16CCD19EBE672AFC26ED4F762C7ED99D8E1660345D0211D704B1FE21413670B49616442FCE6A3AFF876B77EDC7BE4B1A31B06F31AC8A7F0440F469D16896F76E95B4DD0AA98CB5DD2E4E91D857FF33683C8C02E2F6A10188CA5840984F4D023C31860439C3945FFE3EE4E54F38B0D2F07E3A117959F92AF8E8B62B50BB6D7B5450E2A5B6C29A0A5DD21EF2BBB3E43825C7E4CD00B1096AA5F16B7B6EBD3370F14406C69446FA09BEA32AE89B6941EB8ECC8C2BE53098CAE65DF8ADDECA89B730AF1E4E572BBACFDF9C0257A628C28BBAB6CA05F07C500D0AEBAC32E0FC454BA92622C567268D15C968B143654F21DCFBE7485980B822B6727F15AD3ADFDF190AA08590F04C214895E2F9313B70677E5DCEC7F1E14C98A0F1EEBF7BF81C9AE6BBF127384399F177EF08E4F1C64E479801273004B4C610E289C87BCC30E4444F9B81F0327580580A17B796A8034EF415B85C24C9DA6B44CDCB8AF4C36FE22A22DAF337777126BF89352C3DEF3775EC2B9621D70E3FAD62DABF23CF679B57F4854716C663D44B0CD6F1BE4866A5946CC57997454E49086FF8C61D3DD9FB6FE92E68AFC45B866D020D3F9F36969F235E54DD4077426262E8812389ED6C14D19F3EB7767136793946A76650C0B9CFA2B939FDCBA35AD30BCAD6C346768DB3399BCD4F30C373A1EF8E77DA506C12D4E8303CB49EE42AA460078C4216A0F6

Emails

[email protected]

Targets

- Target
  
  GJecwa34.cpl.exe
- Size
  
  873KB
- MD5
  
  5b2ac6ed9b0830ec7f1c9eb7deb38c66
- SHA1
  
  0f1011748dfff6a0d0f0c0b9b8bc045da54080a6
- SHA256
  
  92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb
- SHA512
  
  d1509fbdf410c943b2df1f05f1ece680dbd45b6090b43985707f6ebccf940cf4d384a235838d75df8f72b688c41fbfc0ef41347dee869de2d7e3dd5aa1da68f8
- SSDEEP
  
  24576:QLVxajaoPDR60nXKJxrYUrG/fNfhgsqYREh3TR:Q/b3MNJgsqYRed
Score

10^/10

credential_access defense_evasion discovery execution impact persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2