General

  • Target

    JaffaCakes118_a2c793e5586953616c24b7f2fc8d7a2f86797ad4eec4e457e551792bb4b8707c

  • Size

    3.4MB

  • Sample

    241223-tlgchstrbs

  • MD5

    36ee9c4e7d686e75e767dd7eb49eafd8

  • SHA1

    e758f2b1ae6fe455c22c0c57faebd163f2ea4243

  • SHA256

    a2c793e5586953616c24b7f2fc8d7a2f86797ad4eec4e457e551792bb4b8707c

  • SHA512

    2c67a03ec7e2a0660269ef930fd37668f49c77ea41507d7d5ebb8f9d95a617b214d3934de134c8d6aee361159846a84ff17586d96b78183d9fd1d06f797181d2

  • SSDEEP

    98304:UuClR5uraVqJNTcWSAWdJlslEJrzirJbzARcX/j6g:ZCH5uOEjcWS3Jl+urozARcX/j9

Malware Config

Extracted

Path

F:\!Please Read Me!.txt

Ransom Note

------------- Oops,Your Network have been infected!-------------
Dear Admin
All files on the network have been attacked and encrypted with a strong encryption algorithms. RSA 2048 and AES-256.
All your files, documents, photos, databases and other important files are encrypted by a strong encryption.
Don't worry, you can return all your files! We are the only ones who can decrypt your files Through the unique key.
what should I do for decrypting my files?
If you want to recover your files, you must purchase a the unique key
You must pay 300$ bitcoin to wallet : 3JFgm9SMRxSP9YWPZiSCsezXvWZS5aTsaR for each affected pc or 1000$ to receive all pc affected your network.
DO NOT RESET OR SHUTDOWN - files may be damaged.
DO NOT RENAME the encrypted files.
DO NOT MOVE the encrypted files.
This may lead to the impossibility of recovery of the certain files.
As proof you can email us 3 files to decrypt and we will send you the recover files to prove that we can decrypt your files.
Attempts to restore your data with third party software as Rakhni Decryptor etc. will lead to irreversible destruction of your data.
To get this software you need write on our e-mail: [email protected]
Your personal ID: iY03EkOvX068R9vKRAT+SpKnFzCbmZYmFendS2L5M6V553p8iiD59IouL4u+FTRDz2+kk0+E3pCdbX4dq55bqaBSsg5kYFLNPqcwgXCkumWkbH9xZQBXy/m7PhGXJCTi2+qCU9pqbPI2Ijx20Cr6nIIif0xXiEuDwIWBGz9b2qo=

Wallets

3JFgm9SMRxSP9YWPZiSCsezXvWZS5aTsaR

Targets

    • Target

      important.bin

    • Size

      3.5MB

    • MD5

      18a4199cdc67767f148535e57d26cb1c

    • SHA1

      e4da84914bcd047f84d2065097098bea676835bb

    • SHA256

      9af8cf4ddaab23832526a008ffab1fa8606dea6eff0eddab55ce88866b79eb31

    • SHA512

      d3f470eb1a5de29ee45b96f706e84cf8ad5e652278b8afa2236f8597e88f2f9abc6436757544544787f0ef6b9e63b79cf83743bd3ffbde552ea5df65c92acf57

    • SSDEEP

      98304:aeZ/bzQdEMgMsae2FhINt+WFsqQMyuyKFCz54IS0k76qe6VrpmPrq:hZ/bzrMgMsae2jK+WtQPQvIa6qe0pmPG

    • MetaSploit

      Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.

    • Metasploit family

    • UAC bypass

    • Renames multiple (68) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

MITRE ATT&CK Enterprise v15

Tasks