General

  • Target

    9ab15f7127f7c5b85ea1295e80c0c01a.bin

  • Size

    11KB

  • Sample

    241006-pcaq6atajr

  • MD5

    29c368acff862ad80cc6f6ed00277a9e

  • SHA1

    fc7610f9c617ecf20cb3130e3ec0ce6cbbaff732

  • SHA256

    26f3bc35adab31856979030c0c1c0bb083fc2c67ec63ce755284758737c0ce50

  • SHA512

    9954dff74ef94e822f0f3a42f694760253be17d360e378877c8299b70025c691ba0d3f3585b812cf333444f714b233180722e568d126d22821cc9ba753bafb66

  • SSDEEP

    192:xthgrBoq7/cipayGOHfgHaxlXVkav/ZokG9wqXGFH1MraXTTv4qU3w/3f:7arB30kqOYHAlXVkavhDGyqDy3vCy3f

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Links\Readme.txt

Ransom Note
All of your files are encrypted and stolen. Stolen data will be published soon on our telegram group. There is no way to recover your data and prevent data leakage without us Decryption is not possible without private key. Don't waste your and our time to recover your files. It is impossible without our help --- How to recover files & prevent leakage? --- Complete a payment of 300$ to this BTC address. Bitcoin Network: 1AgTC4dyUd73k322jwABVT4Yt7UVxnZD98 We promise that you can recover all your files safely and prevent data leakage. We can do it! --- Contact Us--- TELEGRAM: @spartan4A10
Wallets

1AgTC4dyUd73k322jwABVT4Yt7UVxnZD98

Targets

    • Target

      d4f354a82179cefb8ddb5cacf042457d00666266a76b1c949352ae4f55a072f1.exe

    • Size

      24KB

    • MD5

      9ab15f7127f7c5b85ea1295e80c0c01a

    • SHA1

      69be3fe1f42e4f342689347d0f7b9d72370cf145

    • SHA256

      d4f354a82179cefb8ddb5cacf042457d00666266a76b1c949352ae4f55a072f1

    • SHA512

      044c68f18c7d9490c183c693cc9ae7825eeaa62c88a78d9606c09ef237bf440423877c9b2b1aee8b70b48af13a8dcf2dba5bdd29fca6de4c57a23c23850e6076

    • SSDEEP

      384:qlhPJDRD9Jno/+v5MY2D3ECZhAc5gxYLfUVIbsRlvrV:yhPJDRD9JnoUMY2Rgx2fU+sRJV

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Sets desktop wallpaper using registry
