General

  • Target

    fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.zip

  • Size

    77KB

  • Sample

    241117-mjyqfsxhjd

  • MD5

    3dc6ee5172da5104ae7f4fde1d423ae0

  • SHA1

    f32eecc95cff715556ef88a7408cf226098e5760

  • SHA256

    5079098ff83dc3ecd4e990de8bf8c741bcd47ed2c84a32f61633cc35cf42f0ba

  • SHA512

    3c3159717604e5af77eb58d246fd8397d4f425870a988e3d7badfd8fc0dc1a24068abec6f2a15492a7525ac5f781c9f1a6508020ce577ce57d2492903d7a0123

  • SSDEEP

    1536:kwyegpO9YwMeUpZB+M/6ZGseum/tulB0/7JBDXnVqRvoZ8uK6KHtkh:yPpiZMy3XqMlG/7DrcRvoDKrt6

Malware Config

Extracted

Path

C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\INC-README.txt

Family

inc_ransom

Ransom Note
Inc. Ransomware We have hacked you and downloaded all confidential data of your company and its clients. It can be spread out to people and media. Your reputation will be ruined. Do not hesitate and save your business. Please, contact us via: http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/ Your personal ID: ED3E7734B7B255BC We're the ones who can quickly recover your systems with no losses. Do not try to devalue our tool - nothing will come of it. Starting from now, you have 72 hours to contact us if you don't want your sensitive data being published in our blog: http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/ You should be informed, in our business reputation - is a basic condition of the success. Inc provides a deal. After successfull negotiations you will be provided: 1. Decryption assistance; 2. Initial access; 3. How to secure your network; 4. Evidence of deletion of internal documents; 5. Guarantees not to attack you in the future.
URLs

http://incpaysp74dphcbjyvg2eepxnl3tkgt5mq5vd4tnjusoissz342bdnad.onion/

http://incblog7vmuq7rktic73r4ha4j757m3ptym37tyvifzp2roedyyzzxid.onion/

Targets

    • Target

      fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced.bin.sample.exe.bin

    • Size

      140KB

    • MD5

      1fb412212359a970be06b9a4578c1e68

    • SHA1

      efa771d6f699c7240c80260d50925ed8baae3cdc

    • SHA256

      fcefe50ed02c8d315272a94f860451bfd3d86fa6ffac215e69dfa26a7a5deced

    • SHA512

      df059e808f6e7c3af942261a6734f3eb39de8c79e37e7535afcb5171d456d93b8de3337b79a47295edb12ace2856cab38a09f569cf6942044ed1e96818396b81

    • SSDEEP

      3072:PjqfR9mRVMkcc08vFMupAm4yj/qDsxk4Szub2HhSN8zYI+N:OfzmRmjc0n8T4yjlM9W8zY/N

    • INC Ransomware

      INC Ransom is a ransomware that emerged in July 2023.

    • Inc_ransom family

    • Renames multiple (398) files with an added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each one.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15