Overview

overview

10

Static

static

3

3dc6902dc8...17.exe

windows7-x64

10

3dc6902dc8...17.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dc6902dc87d976787bdf0878e7174ec526df613645d3f275e0216d05cf2d217

  • Size

    603KB

  • Sample

    241016-l5w83sybrk

  • MD5

    eb13533a89da9762d93de5d54966df5f

  • SHA1

    c0d2cef9149395218eb3a91afe6cbbdbf0181c65

  • SHA256

    3dc6902dc87d976787bdf0878e7174ec526df613645d3f275e0216d05cf2d217

  • SHA512

    30c2bab2b0729bdc54797421c5e1611a2ff842a29815d3cf4da320efcc61c50a266f78a97df53a0f0a7c297393ab460b9795e9bc63f5c80cc2f31d75e6cda5fa

  • SSDEEP

    12288:GBgmEvHIqBTQtTdfYBgfS/fIPgA3EFIpGXfQcytS2nF6hBq:GBgmEvHIq1J03EFEG9H2nEq

Score
10/10
ransomwarespywarestealer

Malware Config

Extracted

Path

C:\#HowToRecover.txt

Ransom Note
Your Files Have Been Encrypted! Attention! All your important files have been stolen and encrypted by our advanced attack. Without our special decryption software, theres no way to recover your data! Your ID: [ 35AEE360 ] To restore your files, reach out to us at: [email protected] You can also contact us via Telegram: @adm_helproot Failing to act may result in sensitive company data being leaked or sold. Do NOT use third-party tools, as they may permanently damage your files. Why Trust Us? Before making any payment, you can send us few files for free decryption test. Our business relies on fulfilling our promises. How to Buy Bitcoin? You can purchase Bitcoin to pay the ransom using these trusted platforms: https://www.kraken.com/learn/buy-bitcoin-btc https://www.coinbase.com/en-gb/how-to-buy/bitcoin https://paxful.com
URLs

https://paxful.com

Targets

    • Target

      3dc6902dc87d976787bdf0878e7174ec526df613645d3f275e0216d05cf2d217

    • Size

      603KB

    • MD5

      eb13533a89da9762d93de5d54966df5f

    • SHA1

      c0d2cef9149395218eb3a91afe6cbbdbf0181c65

    • SHA256

      3dc6902dc87d976787bdf0878e7174ec526df613645d3f275e0216d05cf2d217

    • SHA512

      30c2bab2b0729bdc54797421c5e1611a2ff842a29815d3cf4da320efcc61c50a266f78a97df53a0f0a7c297393ab460b9795e9bc63f5c80cc2f31d75e6cda5fa

    • SSDEEP

      12288:GBgmEvHIqBTQtTdfYBgfS/fIPgA3EFIpGXfQcytS2nF6hBq:GBgmEvHIq1J03EFEG9H2nEq

    Score
    10/10
    ransomwarespywarestealer

    • Renames multiple (7779) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks