General

  • Target

    cab58cc08dbbfef550b2377f053505a5_JaffaCakes118

  • Size

    4KB

  • Sample

    241206-df7draspej

  • MD5

    cab58cc08dbbfef550b2377f053505a5

  • SHA1

    7a1fa9463b973b423677789d64ca686aff185108

  • SHA256

    17c1882b9201a4145a4fa8db895ad8e69a415886e2c8866391ae3e6beeabbe50

  • SHA512

    29bb93c3f1076752ce15a928cfb7d178d1d92121b3900ec0b6dc6ea652f88f8901d28358feda53c15b88a73e2e38b8bfaf9b20264017c2a076722e951e7d0dce

  • SSDEEP

    96:8y+cAl5azln+DtZogvSvxHdJRSBdK4wsZ+/iKFe8L2IjctE:8OAl0z8Dj6vhdJR7X8KYQF

Malware Config

Extracted

Family

medusalocker

Ransom Note
Your personal ID: 15DF7F1871D74CC1E42BEC90D5D9D626F6AF34EA57391CEA9FD1F1538CA0BA0807AF61634F17C258CFC15C3A86A79787D23963C5C8EE469D5ADBDA042C16DC1A DC9286B8CF7BA0620FED10A2A3E82BA404DABEB1800D1C8BB782D7429F722A459A3A707804CCE5A064730A3453EF8EB6BC3CE9FFDE719C9368A8034BBDBC 6AF2B3A21DF6E1FF4365AFAD02B38C9AF9FEC9423E4DD2FFF0BF91112DE91BA79F3643823619BD4217CED096A1CAF25EB462550730C281CADA52AF2500E2 58ACAA1551D2D33B0D1AED9029EE746638B552D9AF7362D550F4C9FD87243C1DC50F946DAAE4E8C0EF4C23DBFF4C115970167749248094D5EFC679A70AAC B6E240637D8D9429B197D3F7B0221297EB905ABA82CF097F1F9DF83B8EC14EC093B00D51E5E9FD1D7601BE33D0864E6EECA66A2D3F854C29FA4AC97CC591 14CBF4E167D4E573516B86F644206208FA578B6A6CA0B414C791C91A85FA0F4F81C008193A0D6CFCF318D2C967DB862AC69B5CB043F42D68EFA295C30059 5E18F1238236CDE6A93250AD7BDA0068916446C19C3908C4DD2ED172D38B959A96656428E0356870C39741EDD080B28185BF8F252390237491BC2AE4DA01 C2BC9555598BDC6F68FE91A0BA59508066BE3F692F708D81AC8477805ABB7ED0B54476DB031A1ABD4DCFBF7013DC55392465F989726CCEEB2BBD4BDF4BDD D62CFA2EADD1493688E142BF408D /!\ YOUR COMPANY NETWORK HAS BEEN PENETRATED /!\ All your important files have been encrypted! Your files are safe! Only modified. (RSA+AES) ANY ATTEMPT TO RESTORE YOUR FILES WITH THIRD-PARTY SOFTWARE WILL PERMANENTLY CORRUPT IT. DO NOT MODIFY ENCRYPTED FILES. DO NOT RENAME ENCRYPTED FILES. No software available on internet can help you. We are the only ones able to solve your problem. We gathered highly confidential/personal data. These data are currently stored on a private server. This server will be immediately destroyed after your payment. If you decide to not pay, we will release your data to public or re-seller. So you can expect your data to be publicly available in the near future.. We only seek money and our goal is not to damage your reputation or prevent your business from running. You will can send us 2-3 non-important files and we will decrypt it for free to prove we are able to give your files back. Contact us for price and get decryption software. http://gvlay6u4g53rxdi5.onion/21-aRlswZwdaPLiH2ghcD7Rh6wuGgFv0BGV-D0a8fGYcTDxDBTFsKQjllhw59moTmD0T * Note that this server is available via Tor browser only Follow the instructions to open the link: 1. Type the addres "https://www.torproject.org" in your Internet browser. It opens the Tor site. 2. Press "Download Tor", then press "Download Tor Browser Bundle", install and run it. 3. Now you have Tor browser. In the Tor Browser open "{{URL}}". 4. Start a chat and follow the further instructions. If you can not use the above link, use the email: [email protected] [email protected] * To contact us, create a new mail on the site: protonmail.com Make contact as soon as possible. Your private key (decryption key) is only stored temporarily. IF YOU DON'T CONTACT US WITHIN 72 HOURS, PRICE WILL BE HIGHER.
URLs

http://gvlay6u4g53rxdi5.onion/21-aRlswZwdaPLiH2ghcD7Rh6wuGgFv0BGV-D0a8fGYcTDxDBTFsKQjllhw59moTmD0T

Targets

    • Target

      cab58cc08dbbfef550b2377f053505a5_JaffaCakes118

    • Size

      4KB

    • MD5

      cab58cc08dbbfef550b2377f053505a5

    • SHA1

      7a1fa9463b973b423677789d64ca686aff185108

    • SHA256

      17c1882b9201a4145a4fa8db895ad8e69a415886e2c8866391ae3e6beeabbe50

    • SHA512

      29bb93c3f1076752ce15a928cfb7d178d1d92121b3900ec0b6dc6ea652f88f8901d28358feda53c15b88a73e2e38b8bfaf9b20264017c2a076722e951e7d0dce

    • SSDEEP

      96:8y+cAl5azln+DtZogvSvxHdJRSBdK4wsZ+/iKFe8L2IjctE:8OAl0z8Dj6vhdJR7X8KYQF

    Score
    3/10

MITRE ATT&CK Enterprise v15

Tasks