targetcompany | 8c4731c1fbf49ef59d696d72db1aa2576e422ff788c4cc65d19a916a307b8581

Resubmissions

29-09-2024 23:33

240929-3j92gswcpr 10

27-06-2024 11:48

240627-nyjqhszcne 10

20-05-2024 02:34

240520-c2m2kagc6x 10

Analysis

max time kernel
144s
max time network
133s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240522.1-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240522.1-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
29-09-2024 23:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
Size

1.9MB
MD5

121f43dfb68b710165ec47b2e102b50c
SHA1

dffa99b9fe6e7d3e19afba38c9f7ec739581f656
SHA256

8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
SHA512

6d7d62265b852e7adfcf5903f8b7a6c3cd0329a0d95a5e1a70897775da4e77fd125ba1949c06b2386fbfccbfd713a34c6f014ba92c41d55274f34f767d38945e
SSDEEP

49152:GRooXHbhpWDbkVdmAxURyLAlLcbxY9CE5r9:toXzmSURyCxx

Score

10^/10

targetcompany discovery ransomware

Malware Config

Extracted

Path

/tmp/HOW TO DECRYPT.txt

Family

targetcompany

Ransom Note

Hello Your data has been stolen and encrypted We will delete the stolen data and help with the recovery of encrypted files after payment has been made Do not try to change or restore files yourself, this will break them We provide free decryption for any 3 files up to 3MB in size on our website How to contact with us: 1) Download and install TOR browser by this link: https://www.torproject.org/download/ 2) If TOR blocked in your country and you can't access to the link then use any VPN software 3) Run TOR browser and open the site: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin 4) Copy your private ID in the input field. Your Private key: 5FCC75F99340B11C9C170FF9 5) You will see chat, payment information and we can make free test decryption here Our blog of leaked companies: wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion If you are unable to contact us through the site, then you can email us: [email protected] Waiting for a response via mail can be several days. Do not use it if you have not tried contacting through the site.

Emails

[email protected]

URLs

http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion/mallox/privateSignin

http://wtyafjyhwqrgo4a45wdvvwhen3cx4euie73qvlhkhvlrexljoyuklaad.onion

Signatures

TargetCompany,Mallox
TargetCompany (aka Mallox) is a ransomware which encrypts files using a combination of ChaCha20, AES-128, and Curve25519, first seen in June 2021.
ransomware targetcompany
Renames multiple (71) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
2	api.ipify.org

Reads CPU attributes 1 TTPs 1 IoCs

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/TargetInfo.txt	8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
File opened for modification	/tmp/HOW TO DECRYPT.txt	8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
File opened for modification	/tmp/gdm3-config-err-T5tVFU	8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f

/tmp/8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
/tmp/8eb32de1ec33ffaf2add6719d3bbc2576bc468086252c12efd8b5dcc5e44699f
1⤵
- Reads CPU attributes
- Writes file to tmp directory
PID:2553

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/HOW TO DECRYPT.txt

Filesize
1KB

MD5
6da16763e6150367db6e9cb41380f5bb

SHA1
8993eb013183ca1ee101ba6b63450c9c643d3bb1

SHA256
1bdb873231a6ec9c540490f4c99850a31bf0186a23994eb17ba96d00c70538c7

SHA512
1e6b0b72a6ddceb8fa20042502dbab78b0521a36d87112dfa52e6f6f8aa6dc685a6f5d1a46f29cc1e5b9aaa01fc06a49ca4b9e8b8456e21493c02c8b1e56611d

Download Submit
/tmp/TargetInfo.txt

Filesize
105B

MD5
9f2b34c2a1b115b6ba2656ce2d34616b

SHA1
0be0c7c886a204f21b374cc0ec6def1b7fbc284b

SHA256
0625391fb9a9d344317ba5f2e5758c329eb862ced367f52953c3e449d09488bc

SHA512
42608f3731cd72c0364ecc89169b4648b522002399567efb528bc92f20266a84f0b9cf59f1e3f2eb654f43c9b44b69c19d06462a7afdfcd709fd59730c5212b5

Download Submit