aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66

General

Target

aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe
Size

16KB
Sample

241017-wpqrga1cpj
MD5

c9fc5ead99455414732c85614c676afa
SHA1

99ae4a704b37bd1c3f190f99b52493f68bcbe3df
SHA256

aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66
SHA512

45ffeb541e4124939243a61b982ff11ece9ae8d8171148d354a346766f95f22e85e4504dcb705ac83bbc96ce1d8567c294c5c5f6bdeb01c251dd51328ec89e72
SSDEEP

384:5iNZKe9HBSEbVfBD6LeGzauQibQzisfIIG42RzRTK9oXjfdrMEn+eSkjvka95WVB:g3Ke9HBSEbVdUeGzBQoJKua6dsr

Score

10^/10

discovery ransomware

Malware Config

Extracted

Path

C:\README.txt

Ransom Note

!!! ALL YOUR FILES ARE ENCRYPTED!!! All your files, documents, photos, databases and other important files are encrypted. The only way to recover your files is to get a decryptor. To get the decryptor, write to us by mail or telegram, specify the ID of the encrypted files in the letter: Email: [email protected] Telegram: https://t.me/returnbackcyberfearcom Warning!!! * Do not rename files. * Do not attempt to decrypt data using third party software, as this may result in permanent data loss. * Do not contact other people, only we can help you and recover your data. Your personal decryption ID: lGiKf865

Emails

[email protected]

URLs

https://t.me/returnbackcyberfearcom

Targets

- Target
  
  aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66.exe
- Size
  
  16KB
- MD5
  
  c9fc5ead99455414732c85614c676afa
- SHA1
  
  99ae4a704b37bd1c3f190f99b52493f68bcbe3df
- SHA256
  
  aa99c913decb96133a013abe8d71a057862e3328e8297c959c8eeb063c283a66
- SHA512
  
  45ffeb541e4124939243a61b982ff11ece9ae8d8171148d354a346766f95f22e85e4504dcb705ac83bbc96ce1d8567c294c5c5f6bdeb01c251dd51328ec89e72
- SSDEEP
  
  384:5iNZKe9HBSEbVfBD6LeGzauQibQzisfIIG42RzRTK9oXjfdrMEn+eSkjvka95WVB:g3Ke9HBSEbVdUeGzBQoJKua6dsr
Score

10^/10

discovery ransomware
- Renames multiple (286) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Renames multiple (286) files with added filename extension

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2