General

  • Target

    Gosjeufon.cpl.bin

  • Size

    881KB

  • Sample

    241214-sv4nqswnbz

  • MD5

    9049faba5517305c44bd5f28398fb6b9

  • SHA1

    036c6b32f3e7d7d689c9b4d482091eebcc669bfa

  • SHA256

    d2100ffe58eb50c05d97a3da738ccd1f0be9672c057c26a10140af80595b78c3

  • SHA512

    65a33506f970675775468f80b94a3f8bb2d3672e6fb08fc9f2e5107020095ca6d4bca927c59b72488e2ef4208a64a56ced7511ea14c0445cd50ea3ff9b827f6a

  • SSDEEP

    12288:I2wMm7l55+OeO+OeNhBBhhBBaELPA081o9baXpL3K+HDFgZUid4X9dCU5+Kazw4t:I2wMm7lfCIL3K+gY9dfcw4h3DX9X1

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note
ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' foeder if you don't get answer within 6 hours. Contact us email :[email protected] -> [email protected] Attach this file in the email

Targets

    • Target

      Gosjeufon.cpl.bin

    • Size

      881KB

    • MD5

      9049faba5517305c44bd5f28398fb6b9

    • SHA1

      036c6b32f3e7d7d689c9b4d482091eebcc669bfa

    • SHA256

      d2100ffe58eb50c05d97a3da738ccd1f0be9672c057c26a10140af80595b78c3

    • SHA512

      65a33506f970675775468f80b94a3f8bb2d3672e6fb08fc9f2e5107020095ca6d4bca927c59b72488e2ef4208a64a56ced7511ea14c0445cd50ea3ff9b827f6a

    • SSDEEP

      12288:I2wMm7l55+OeO+OeNhBBhhBBaELPA081o9baXpL3K+HDFgZUid4X9dCU5+Kazw4t:I2wMm7lfCIL3K+gY9dfcw4h3DX9X1

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks