chimera

General

Target

Computer Raper.exe
Size

85.4MB
Sample

241124-amn9zazrdk
MD5

bdb24ed9f869fcd462b316148514fc5b
SHA1

83935122b626378a3149e9036cd751514add4b52
SHA256

83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0
SHA512

12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611
SSDEEP

1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97

Score

10^/10

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\S-1-5-21-1361837696-2276465416-1936241636-1000\FFSAJFUZL-MANUAL.txt

Family

gandcrab

Ransom Note

---= GANDCRAB V5.2 =--- ***********************UNDER NO CIRCUMSTANCES DO NOT DELETE THIS FILE, UNTIL ALL YOUR DATA IS RECOVERED*********************** *****FAILING TO DO SO, WILL RESULT IN YOUR SYSTEM CORRUPTION, IF THERE ARE DECRYPTION ERRORS***** Attention! All your files, documents, photos, databases and other important files are encrypted and have the extension: .FFSAJFUZL The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files. The server with your key is in a closed network TOR. You can get there by the following ways: ---------------------------------------------------------------------------------------- | 0. Download Tor browser - https://www.torproject.org/ | 1. Install Tor browser | 2. Open Tor Browser | 3. Open link in TOR browser: http://gandcrabmfe6mnef.onion/a95c96b5ec64b6b8 | 4. Follow the instructions on this page ---------------------------------------------------------------------------------------- On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free. ATTENTION! IN ORDER TO PREVENT DATA DAMAGE: * DO NOT MODIFY ENCRYPTED FILES * DO NOT CHANGE DATA BELOW ---BEGIN GANDCRAB KEY--- lAQAAKUYUpIeVwdCWcZ91bwYwEllNxL7PBcey2OyB39Ifk1/21O8MlEScOzzQuVguR0m5MfyqfspQ0jub5Rbml/MeHYb+PpeZ1iGW04sGcEVRAMj15hW3aJsEkSzeXIz3fCxSe2yMsMY+gwbbEW8zg8buGITiZxVPFNRKvSZqyn8X7dU6IXQ19QJNFmrSqTNoxhehGjWrROGk2rVd3QfTrv1tzelX5DURFlRLe3C968ZpEFiIuFwpMCvTMvy+Zj4hP+atC2654durAR9U0OkgrD8uvOrwiHqkO1Q0UXZeAeO3M15ZXMW1uadvFbvz0e6kOJqeBTTjiz+8y90FCHDErQ6VSP6aGRMhG0wpMesOuZ7LvQEdbPvwKPLSPBPuQ7jakFLgqU5o5p7dHgFrf3cypOE9XRQ+gmmR609q+Cf117SvQsCMgQ12MyoHcgNC67fxvoHRZHdK/Xaj7Q2gEIbNFJVzDbHguVXw/jND3BvGZ/cA8hs/kFnQVrzQe0FLyIUshU6EiyEunp+/SARdKc2wOPN61Ha+DcvZ0H8ir4fZQQ9gFr8j6w8hGJgxnN9+akVsy8R6MS/KKk4gnbXiVZ2vbOpgdq0z/pSGd7t6OC7po3JqExRIn0TIf3pBgwEo2q0CG8rt1GK4oWtNkORX6FYAE10tcoqpEwjw9MNMkD2SyC/zy286GbA2rReYY9gURTLH3OM4jTtZ5g+1DwrxIyy5ROnvbys8XtT26IlUx95+CrCVZ7mwZCzxebDk9bmUccl7Ur0Z8mnGvsbK+ojx6N4cqBc7MAY8EwQV/nLN/uK2orgREhWUY7MbQ3Q/knwDMek7xigKCqknJ7HE9WuWmn9V+ebrWmS6d/uTzEwOkyMjG0TazAjuV8hf9uKzZ1G5FEQHFrJGblJQYpWV2UQLLJQmNcqL3KujBFiFs9XhUcUxyCSYhTjjIGK1Rw3nyfONdmwQdPvgTK3+WLPJPRGNW3uJKeTd0U4py5oEgkz078ApXKfeY/2i2E7woHOdqeSvBuo1uTykV5P/okXj/7AOM8AnN8SFIOyJsMKH1b43N/iHWuorG0OgDT40tVAYB8KA2gEUImpt991zAEoHLWB4eH2CY9hUYgXTR+7eMmdpz15sGqVO/sW2r5b65tAUiYFojURMFzDqGoonfOC9Bt1fUUSJQ+X4MFcUVPrsKlWHqG4Pn2PXww5P3Lvub4cLvGBWXKREXCWowKMIY4tMPbJAgEzQ+ZTsFJkStkoEg4kBNcOXaH0hlUputtRdH+ynuWY1sIssk/37meAfiCdjvldnYwuz6NdQ7+DDcStHL5FCGq7B/m4ka8v3CZUARokT5w1X8rN7+9h6sSASOwm7g90cSNXSdwrfVo378VHaU6vHCpiZwcohGc5xQnYs8zhK5mTDrH2vKs60gG1OXHvn+dVAXhw4oVHJn6vNlh+rK3l3+l8+Rgs+QRbRNyA4mjc4Iowl0HbsTXDSfw9BzJNo6qb5W7+9VO1io6Ffj+sdCnmW+sULGNq9sia5R4TOaC9macrJFty5Xe/r61+vCPCCHHt3jSlYi3UH8eYTATHHRDG0riTNHnI7X+/slIWX5fIPsUOBBftu/mAzueTDk0NIvWMDia14u0rVL/Qmt7bbeAiCe9lG4BnDk7d10xPF9dWioBF2+NShRZ2uQk82vMViyoVUuvfVlkAxuCp7PlK14jjtNJm5rhMCqUPHqNqAuvFrcQlwR1IRkvBXqH8D/U1tKJZobQk87VW+iF/ac+P63lgIRrNV90dqRruDwJYNGtwjcG6dFJSl7b8xdSPhfB6pPwQLBvPMxXW2if1l9Ex794FGJrgmUjAwsvM/W/k/AOgnZfMLIskNhvov7wPSDKk1xdbs+bcOTPicTIYbyE4vbxZ9+myorKre2cAnbCbUdObQAnb1TbTUtZyLbhP08NNMZFSxrPRWjli36SEYrTgXHL1R3QxjhkuZ8qQNdmPJheErsmtSwHHoqsDqFL47t/K+IGtRoJauc4P4BHwyo7PGes2WASFblCrKpo0RO+ZxyflwYjiho3t0dPzXzk/yCpiOFrQi8rDm8QrVCbNXIlqaZVJ8CjzGsa6GUtV5ZP2mvc40MLnomJA+SHamQD3Xycr13GXGJpsHO1mqytc2h8t1oyrGrc8H45fhcmiMXQYxjyiAVLhbVOOtF/fZ1p0C6p+4e/BObxUQ6zLvvjx5HdQTitpJkcRUXLlASzXz5ze4/9nFenxIuv3Ckor4B61y+M= ---END GANDCRAB KEY--- ---BEGIN PC DATA--- 7ftDEgLb/ZS0lcmZbHM61KDJ6AOtD78KkA7absMgUXYxWLsC+5+UYF9xVmDq9MzJN5DCAu+Vp+DGRWnIKnQXQzua3LPyzokSUuglaqKXwabsGM4pXku5In6gtMQMqg7sgEh1XW1iPMFgiUj/s1LdWpJHdiPjMpn7rCZNO/A31mak0K8RefoREu3BxtlAsseHWfVIIKN0U4NnA3w0Ga7XDLlF3iOIB6ImYbF6Z/7MBN2mgBr2rZ2gU1R7jNx2WKAyu4W+5zlHFnKwMISBi1CwemWoy1rWnPOZxV8SSVjOsTAmmL/7s4CzGBkpOKj7RToVZfeU0wFSACDBtKyJP9BcBnpq7cZhR723XrGVmYCRgUfRP9Dy+fM2LL3jX6Owrw1W4OYvT0bJ2/bnLzB06veHSySz26B+oWfFo533PDqxlSg7ubDoQVp+6k2VyOmsqBtvY7wKrt0yoC8O1fylWzmQ7ql4Gew6gTqwNkzeb5UfuNxXLW2jrLjVwFni8jPDKIqgjY3pWN3+hglhvFqi4oFZEvhEsSM+AN7hzdQWIEz1U0GTyeyMcZ0O1go/+eQSe20E23SaCuLrfdcRPB6VJMorLqwb8AmOcGyVvrCSEaKsTrSHnIyaYEIrb5s07lHfcy/ShKIdDA3FyYH6qAJw1UbUxI7G7XVYm+fKMPMuEsCdCZihzgpfE7oT7wA2q18= ---END PC DATA---

URLs

http://gandcrabmfe6mnef.onion/a95c96b5ec64b6b8

Targets

- Target
  
  Computer Raper.exe
- Size
  
  85.4MB
- MD5
  
  bdb24ed9f869fcd462b316148514fc5b
- SHA1
  
  83935122b626378a3149e9036cd751514add4b52
- SHA256
  
  83875ea85b183c609c5ddcd92afe62265745192a417b80524f12741fc028aca0
- SHA512
  
  12fdb77a75debeacbc4b98cac45d09a7bcc378bd9bd51bbc035838b99c1d595660d5c0961a2d041b2e8359f3b5b096f589d39453ada9874436411b94b8b0d611
- SSDEEP
  
  1572864:NUkskQ1oOZrCqix58TkbajhXBFEQT9VotzcJ97:N/NQbCbmXXEUvoM97
Score

10^/10

chimera gandcrab mimikatz backdoor evasion ransomware upx
- Chimera
  Ransomware which infects local and network files, often distributed via Dropbox links.
  ransomware chimera
- Chimera Ransomware Loader DLL
  Drops/unpacks executable file which resembles Chimera's Loader.dll.
  ransomware
- Chimera family
  chimera
- Gandcrab
  Gandcrab is a Trojan horse that encrypts files on a computer.
  ransomware backdoor gandcrab
- Gandcrab family
  gandcrab
- Mimikatz
  mimikatz is an open source tool to dump credentials on Windows.
  mimikatz
- Mimikatz family
  mimikatz
- mimikatz is an open source tool to dump credentials on Windows
- Modifies Windows Firewall
  evasion
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1