Resubmissions

  • 21-10-2024 13:41   241021-qy3vhawbld   10

  • 21-10-2024 13:39   241021-qx9lnawarg   10

General

  • Target

    encrypter-windows-gui-x86.exe

  • Size

    104KB

  • Sample

    241021-qy3vhawbld

  • MD5

    bae8e04226ff74f7c40f9bd2e6e3b4ae

  • SHA1

    87ca31acfcb12b6eac57e1fd47926be330a11e03

  • SHA256

    cc0680de960f3e1b727b61a42e59f9c282bd8e41fe20146ed191c7f4bf9283a7

  • SHA512

    56fa390dd466b36797986bd4ae5ec01fb4717f191e2a0098885a603786c42bceee0f2917b3c961c0b0478d040ef7b0ecfda8504ab254afa2d7688f9a19ebb08f

  • SSDEEP

    3072:vufqM7tExy3nGt1yc0bwEIrn/eufCNzxaR6:mfG/yc0bM/eufCNzxaR6

Malware Config

Extracted

Path

C:\Program Files (x86)\README.TXT

Family

buran

Ransom Note
YOUR FILES ARE ENCRYPTED

Your files, documents, photos, databases and other important files are encrypted. You are not able to decrypt it by yourself! The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

To be sure we have the decryptor and it works you can send an email: [email protected] and decrypt one file for free. Before paying you can send us up to 1 file for free decryption. The total size of files must be less than 1Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets,sql. etc.)

Do you really want to restore your files? Write to email: [email protected]

Your personal ID is indicated in the names of the files, before writing a message by email - indicate the name of the ID indicated in the files IN THE SUBJECT OF THE EMAIL

Attention!
* Do not rename encrypted files.
* Do not try to decrypt your data using third party software, it may cause permanent data loss.
* Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Targets

    • Target

      encrypter-windows-gui-x86.exe

    • Size

      104KB

    • MD5

      bae8e04226ff74f7c40f9bd2e6e3b4ae

    • SHA1

      87ca31acfcb12b6eac57e1fd47926be330a11e03

    • SHA256

      cc0680de960f3e1b727b61a42e59f9c282bd8e41fe20146ed191c7f4bf9283a7

    • SHA512

      56fa390dd466b36797986bd4ae5ec01fb4717f191e2a0098885a603786c42bceee0f2917b3c961c0b0478d040ef7b0ecfda8504ab254afa2d7688f9a19ebb08f

    • SSDEEP

      3072:vufqM7tExy3nGt1yc0bwEIrn/eufCNzxaR6:mfG/yc0bM/eufCNzxaR6

    • Buran

      Ransomware-as-a-service first identified in 2019, derived from the VegaLocker family.

    • Renames multiple (8928) files with added filename extension

      Mass renaming of files with an appended extension is consistent with ransomware encrypting the files on the system and marking each encrypted file in its name.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
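The two behaviour signatures above (a burst of renames that append an extension, and reads of drive roots other than C:) are the kind of telemetry a detection engineer would alert on. The following is an added example, not part of the sandbox report and not the sandbox's own signature logic: a small Python detector that runs over constructed file-operation events and aggregates them per process. The event schema, the `RENAME_THRESHOLD` of 5 (the report's sample renamed 8928 files), the appended ID in the sample filenames and the use of the `README.TXT` drop as corroborating context are all assumptions made for the illustration.

```python
"""Toy behavioural detector for the two Buran signatures listed in the report:
mass renames that append an extension, and reads of non-C: drive roots.
Added example, not the sandbox's own signature engine; the event schema and
threshold below are assumptions."""
from collections import defaultdict
import ntpath  # Windows path semantics regardless of the host OS

# Assumption: a rename burst this large from one process is worth flagging.
# The report's sample renamed 8928 files; real tuning would use telemetry.
RENAME_THRESHOLD = 5

IMAGE = "encrypter-windows-gui-x86.exe"

# Constructed sample events (not taken from the report's traces). Each event is
# a dict with process id, image name, operation and source/destination path.
EVENTS = [
    {"pid": 1234, "image": IMAGE, "op": "read", "src": "D:\\", "dst": None},
    {"pid": 1234, "image": IMAGE, "op": "read", "src": "E:\\", "dst": None},
    {"pid": 1234, "image": IMAGE, "op": "read", "src": "C:\\", "dst": None},  # C: root is not flagged
] + [
    # Encrypted files keep their name and get a new suffix appended
    # ("8A1F-ID" is a made-up victim ID for the example).
    {"pid": 1234, "image": IMAGE, "op": "rename",
     "src": f"C:\\Users\\bob\\Documents\\file{i}.docx",
     "dst": f"C:\\Users\\bob\\Documents\\file{i}.docx.8A1F-ID"}
    for i in range(6)
] + [
    {"pid": 1234, "image": IMAGE, "op": "write",
     "src": "C:\\Program Files (x86)\\README.TXT", "dst": None},
    # Benign activity from another process: a rename that replaces the name
    # instead of appending to it, and a read of the C: root.
    {"pid": 777, "image": "explorer.exe", "op": "rename",
     "src": "C:\\Users\\bob\\draft.txt", "dst": "C:\\Users\\bob\\final.txt"},
    {"pid": 777, "image": "explorer.exe", "op": "read", "src": "C:\\", "dst": None},
]


def appends_extension(src, dst):
    """True when dst is exactly src plus a new suffix in the same directory
    (e.g. report.xlsx -> report.xlsx.<id>), the pattern behind the report's
    'renames files with added filename extension' signature. A plain rename
    (a.txt -> b.txt) or an extension swap (a.doc -> a.pdf) does not count."""
    s, d = src.lower(), dst.lower()
    return d.startswith(s + ".") and "\\" not in d[len(s):]


def is_foreign_drive_root(path):
    """True for the root of any drive other than the default C: drive,
    e.g. 'D:\\' or 'E:' (the report's 'enumerates connected drives' signature)."""
    p = path.rstrip("\\")
    return len(p) == 2 and p[1] == ":" and p[0].isalpha() and p[0].upper() != "C"


def analyse(events, threshold=RENAME_THRESHOLD):
    """Aggregate events per process; return {pid: counters + verdict}."""
    renames = defaultdict(int)
    drives = defaultdict(set)
    notes = defaultdict(int)
    images = {}
    for e in events:
        pid = e["pid"]
        images[pid] = e["image"]
        if e["op"] == "rename" and appends_extension(e["src"], e["dst"]):
            renames[pid] += 1
        elif e["op"] == "read" and is_foreign_drive_root(e["src"]):
            drives[pid].add(e["src"][0].upper())
        elif e["op"] == "write" and ntpath.basename(e["src"]).upper() == "README.TXT":
            notes[pid] += 1
    results = {}
    for pid, image in images.items():
        results[pid] = {
            "image": image,
            "appended_renames": renames[pid],
            "foreign_drives": sorted(drives[pid]),
            "ransom_notes": notes[pid],
            # Verdict: the rename burst alone is decisive; drive enumeration and
            # README.TXT drops are corroborating context for the analyst.
            "suspicious": renames[pid] >= threshold,
        }
    return results


if __name__ == "__main__":
    for pid, r in analyse(EVENTS).items():
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"pid {pid} {r['image']}: {flag} renames={r['appended_renames']} "
              f"drives={r['foreign_drives']} notes={r['ransom_notes']}")
```

Against the constructed events the encrypter process is flagged on the rename burst, with two foreign drive roots and one README.TXT drop recorded as context, while explorer.exe stays clean. In production the same aggregation would sit on top of Sysmon or EDR file events and the threshold would be tuned to the host's normal rename rate.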

MITRE ATT&CK Enterprise v15

Tasks