92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb

General

Target

GJecwa34.cpl.exe
Size

873KB
Sample

240925-rb2vcsygnl
MD5

5b2ac6ed9b0830ec7f1c9eb7deb38c66
SHA1

0f1011748dfff6a0d0f0c0b9b8bc045da54080a6
SHA256

92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb
SHA512

d1509fbdf410c943b2df1f05f1ece680dbd45b6090b43985707f6ebccf940cf4d384a235838d75df8f72b688c41fbfc0ef41347dee869de2d7e3dd5aa1da68f8
SSDEEP

24576:QLVxajaoPDR60nXKJxrYUrG/fNfhgsqYREh3TR:Q/b3MNJgsqYRed

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours. Contact us email :[email protected] Attach this file in the email. ID :EC604A405E6DD393205D08D4F7BAFFA6BEB5728847F6E670BE3BE7269F6B273D28030D9879CECA278AC2DC8E77A117A0F46815A09EF9FFE6AC33BEEDA30909D7635FC153D9213803342DEE21B82AAFAFF29CE6FDE9DDD78A07225E54FCE5AC1176EECB8C1E699F17F1C25EE19BC30A958A5E1ABA789E991ED6E6F565519419444E2F5E887D3DE8766513FCBA0B4EE3AE0DE8FBF9442067A8F5C52532F9FE47B2FDD15FC7814DE8B019EB08CD3CC0A08E6AAA47168B26FB11580B64A22E877A281649861F9E9CD22ADDC81EC75FFBC290C1675C053D551AA6E571824D4E921787217AC41EEBF617F21FC4B44AF731EB9BB7361FA0A3702F299CEB977C4005FDB6A87ADBEFE1D950574455CF41B6F7D488137BA6A4A046C64CD8DB6AA72AEF9460E23200CEA15A657BD318E577A2421FB58BAEC5E860418CDEEB4536852D5F426E041B02C3607B3DD86C7A7C97FDC2877DBF87E7414FB7CC7EC446F4509B7F63356B8BC6B42B283781F56C07B9052599E63A917CBD01883B848788441DA422116BF87FF5E8BD0070979B6863860917DA9C620FA0F23ED4F59734A92A1260288018CDEA8B5A1862E68ED03BA09E8DB8CFD22FD01C59E7F310AE6C31029CC4EE7E9D701D9968F4B496E8555D0055B63787783BCF6283A7F7CD8DFA2A5BE14B2BA1E151908DF120C17DDC8E273D07794582321782FF6BE050F7076DB0D918A108019C52E671491B33F227A00F629D31D7DC2EDC870A211D401A7F39BC8FBBDD4A8BC554091433C2D5ED8C9B299A53436153F78AC118F1AAB41B7C64E7CA5456224960577EDD6306331753DAD73DB47D68B9C63E3A6A8AEFA32709ACBC5F5DDE81EA7318EEFCF0D08B9B2A90A3136C80CEA40F01977C181514C23404979C8D4B2BE9037BA697DCCED320D97855554545017C72489023067AB06F624E4CF5DF7E20E1F26633ACD35A80AAE52736E6971932BA54AB32BAE1A0218D8F9D7FECF0C48F89D28E290256CA10DD6ED7635B53B09771B673C4524B647B46C53A03F93950F7CC1BA3B4A6B7A838803AEF33FCB177D80213311E503A0D943DA6705690CFC2458F85B3996A566A45ABC6BDE2D76B097485214A12F52A7F3A74B011E48FF96E139BF16E5075A80ADC921E9F320C36D58C264018B73D929B8DAF3778C221927FA4605E422D3BF360C065A34A469E23AA88BD11DE90625C7E3C3CF6AD1F0F62612BA420E4F290FCC9B46B742450D3F22C76D03355A67BF90D574E6111F2332EE68FF37C11BAC85D297C6876239FBFF06A4693310321458F6AB6DE3CF2DB7D12871FD2CECF2C68F336AD3C7FAA1DF1E3113BB517DF9F5EF49A59E71B57C1209CE11932F4D00085FFE147FD036BF15435DF5878DD4F616131B11241243A1BFC9E612499B373255CE11AB7AAD1DB11DBC0D7BF50E686C7A919BB36A6069FE70D08CE6480B187899788C59F77ACD5CC07E98F1310B850A2A546787883C783E9667EA5EBE90AC60915E82773C531EEA0E4EACFAFE5CF3FE2C45F229EA59E015B8147B61A8352A1F544584919EFB2611614C0770FF9939EE731149C0860C2E6CBA1E622851704B021E1724658AAECC244985191D4FBD784EFF978DD85480E362D33D438BC55D0FB4F91095E367994C15AFBA4BE491007239673204715F76312692702620A860F677E15DBCE59CA9F37A110E287957518576C9AC5E733D6BCEA42372F0A9EA0F45BE54481E097319721E368ADA6487DFADF030B8B10EFD2D588A9692677A0A48B91163204EDF6E772CB716CBCFCEA6FC317A63693D8CECC2E0FCB23742904BBF71BB2038FB380A9FA2ABB64F94CB404512E89D641013D9154A45198F9005A885E35E3C35613D84035BDE810E777E7E477E0C9663926F8BA376DEB0AE9956B6588FCFC32499710B1C8C15A9205127A9D251E1D0F8EE29500109C122EB5DDDC598709BEE0F20AC30C2EFB400EB6B1A41890370853784EE80667332D93E7F87987B5FBFEFA0AC156410CB852AD7C859EE63DEBAF792B1B4272E1C44CE5BF246D856DE660FD2AA70C4A4BCA8F56B22E330F8C33853056E1FC757EEA3F3D51518A23150CAAFE5624DC6CF0EE96CA8D234107F02EA680AFB57238F3709030DCBA8F49165C06089F69C0EEA9E36C5D61E9DB8C96B1B43E64972E034FA5D376A07C5F06072648EE78AF782F2D04CE00CC6655B213940CA527D52CE9BB7343E8CD78BB49057F82B71063DB18259F5CE820762F44B052DEC6DFC6C286054CE8061D3F91710E8800BD905E52D0BFA153016CB161C47DDAD0C859FC9DB9A7CB0FC0282629EC9210B7A7F85A9ABAFCA998295A42C2008853DC782F849134D32B5DCB9F3CF79202FB31A349B12569E864CD1A

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours. Contact us email :[email protected] Attach this file in the email. ID :F025D0B68217F6F9126546EB36B0286C6BE4E717959881152644CA4AF49BE933E00634B2A3FBC7B62E23456AF56A66AC0CD527FF5D76DD025B7D77E612BD3E545A7D9DCE16958DF3E7E1D3D6A71A6AFEC59D49A1D7877D5D27F4676EF731B3BE955DF1840847527F1BB2F44F9C74374FA6C103022E797864D134F534F407826A4C49AAFAC82788F03C43910E18BB6E2F15A59A83075C49B562FB918C25C9C6A066FCD396DEEDDC3705727F85B565730C108AA02236709EE13F5A39AB90AFBDBDD31E9F632AC90EF08C136B27CF3D07F5E912FDE8E9BCD8D7C4F66EFEF753EC78A1645F152B31F4C68E6063E3414F4DDFDBFCCF868143D07C400DEA95709649241C30AD3CC0D38D23F25F85D8F194074D546E8EFE63A84622F7B0CDC26D7536F77449DAFF1AE6600C4010E025F031FFB06B0AD6140EAEF0DCC043E8489C8B134B22DF5FDE399E0BB64E36B15B18BA77143B2AF4E8AB4C2316E94478B6184F6BC331D9A361C7DD0CFD084792B86D8B94FCD31FC81B23EE1DC9E790658024D11F9AB7187E4CE51D0C63CD171F26ECEDF6EE5E61C699C848DAA7BBFBC2B5D9272905F58DA2B04E582EE3645BE6763E88E5698FCA3BD3C01C75814BD059A32D2172A6F380ACCC2C1DA29EEEE05C6B91E4092C42D7B781BA192CFD33D10C3602E4B80F54854427D4EAEED4631A08E54D19661236184C1B11515023708B105D16318826375F5CE246333223EC040BE2F274F9A5471E1E1B7D545C0DD58533832FC7A06F72FAAA6C86D54F676863137FDF2ECEA79A55AADAB993592DDEBEF527A27233D6D4CAEAA76362F465B989F1DB69F8992CE1BA69DF266EB4F5F154C5CF9D982E0CEC15D8D61E1B9C543B1648EBB8F0D768A937A696EE0DD9C29B8C69112BD584435CA0100DE08D58F139800EE7B669DD9D2CB52B31F94C6AE004AC54FC17003E762012FA8D3848011232A02F6B420FA01D07C8E98DC9C1FA6EAA04685DE6BA48F1D98FAA29B7155F4FE9DEFAA82D5452C34B36B248C6C673D18E0B875523DF6FF1BC8B70D1A52F8DB4AF36C8FF8E19FAEA6DD1BC4F299BB1D8CB95C25A9F38BAF62ECE4C82D7D173ED8687A14E4A1ACC7C8A5C7455872AFCD4D0A873AC3F37B7A872F5FE98D48AA43063709125CCEA6E73F86D11803008409344B8F1A441866458F64714EE9B634778D0876B6E142E97E6EF16F3EEAD6CC26816D83D464D4817A6377014FD505B2195BF07C990CA8EC3B012E4D4C5E63998587930B7ABA8E2C38FDCDB1BA497A925FCA03617A0F0854E3E7525DD3DDCC9525CC71DD54F9840065FC63EEFD8FED1BBDAE95B1DEF1333C6F6C86066C7BD59D01BC2272EA866512B959CF540DB646A5ADBA554E20C4BD754845A382C0F49E0AA831B1A83B87BEE8FA2004D6FEFA38BF35FF45C764B1C4A8DFEDA11CD17219CFAA806D743131C0FAC0A10CC670E78E7704B25DA3062ED5140ECA87DE547165A8A80170B9C38111762B42AA8115035EEC354C03B278EAB110F049F32CBC55F1B34106D106DC8E72C039D3EBF9246FF53D22831540058ABF7BF9DA34178A440937E01346D38AEEAC055ED77053CC4760FD0E98DE4C89653A0DF2F1805E4257E80516D3F315D0754F9F68F2390DDA628448AC4A9417BD5B6E5FFD22E63C257E8DE4E4063DAA895866BA0F516818BBE59C7D51C64E56957BF5806D741EFC72C794D39BEB00DFED3CC4EFA2B27E92D4BC4CC956AC9CAF8EAD1F7A277B87B0F7D0D9FDC091682CDA85C96DE02DF02C543368820950C9216D7C1AAAEE4E6BEE631800B4C7DBA57679DDE55266F1F9DE42F8FEA150387386C80FD13F5DD56943ECEA52F83A587D151D849EECD314075065ED0C72407BE773D2FA38CAC56DC14F4F5FDF08C48F1CABA3B9D260DDF2D5307B02E50EA6F73C1FE2F0DDE78D684E9EF2FB3098EAE2EA81FB753703790A455D77F5B911744F5DF4C5584FD4476088155F56B2F9B164F092375C91D134E2F1E38F68F3DC63BB78647F211C2277A03D2DE55F3ECA3DCFDB30B1988299D6AE29BF298D214B5136689EDB19E1B14D185B11CEEC5F4975EF941994F73EF97E365EEF94A6680F625E08F70A986994634B06EBF9E4D46B8300C49AB3FE162F8568593BBE47C46BFC7E82C626A2D8E9150D53700038D4E1262AEDE885A7DAD64CD996154DF44BC6377BD21F035ED4D3C88BEB849CEAD8BE4B644BB8155E131604F0B95A8FD5909FCAEB38E1F0253383CDFFF8D7C9D9F847E2A405B541899457215D03578DBF171C7FF63A872B49F01B816D78544CA22DBA5AA90C9599D4F9E96B890B4475CBA85DCA693152DC85C29450ED06E052DA9548D9E088D4AF54C668459395CDA10A2447F7DC25F11

Emails

[email protected]

Targets

- Target
  
  GJecwa34.cpl.exe
- Size
  
  873KB
- MD5
  
  5b2ac6ed9b0830ec7f1c9eb7deb38c66
- SHA1
  
  0f1011748dfff6a0d0f0c0b9b8bc045da54080a6
- SHA256
  
  92ac711db16da541e06c5195050f6fbd8915255c79ded58f70ba030d37135ceb
- SHA512
  
  d1509fbdf410c943b2df1f05f1ece680dbd45b6090b43985707f6ebccf940cf4d384a235838d75df8f72b688c41fbfc0ef41347dee869de2d7e3dd5aa1da68f8
- SSDEEP
  
  24576:QLVxajaoPDR60nXKJxrYUrG/fNfhgsqYREh3TR:Q/b3MNJgsqYRed
Score

10^/10

credential_access defense_evasion discovery execution impact persistence ransomware spyware stealer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2