hakbit

General

Target

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
Size

80KB
Sample

250123-c1ad3sypcq
MD5

8152a3d0d76f7e968597f4f834fdfa9d
SHA1

c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
SHA256

69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
SHA512

eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
SSDEEP

1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note

To recover your data contact the email below [email protected] Key Identifier: ABTTPK1vR9ZlFonXKffwEvx5Km2PC49bDg3/N2/b+gfw4n1xvVxplKMfKx/pgIa1RZb7vkeF3kRNwmS/V4jGKP+Pv2ppGVR0seSI44+0YIh+m8aePDt+r5FnkRsG443lM8ZqEbOkrtUn8drZqslfSYLIiMOASy7eV2jADkr2/4sQPyUbhNmzdDsqF8/7jIao7UHVPdRLUiPDzX5jx4uvcGD84IIKbiCLHNEmzQihber2f7mul4oj3C6PRG2sIhT+BQJVTDVWohQRm+/qPaJDTTakXGlBhj1ptLTeTuEoOluBcsnR9Ln9HWD5fnAXddwX0/3qR9dPYv6QuyocMbKHEBTAfI1bUbDi9H2fxByCXcg6Bqwvi7TZB3Vsa+v+7+H2WyKVu3lDh1N8Z7qKtqKVp2b1kbAxtxowIzxyVfhhd3GwY8GyO6rBrmt9RZCW+VQ1pRUIWV0mF7Ogru87iLErqJuvi8IrZciW9VM55eqLs17In4Yp2heCoUd+u/eWprK60jsMQB9ck2D10BLVFkZ+DxI0bXGjFXLOqXMAGQrhYzRDrmJubP4GmLFv03lAIz0SKtJ7DClaOvOl3e5nzxPTh3oGv/OhiJipm9JnDEt+2gZuCHwS94zX6TujdRcw/GBImqH3veoET88bRDAf//f9s+XlzdpfteU8NNLcae/yF5U= Number of files that were processed is: 487

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Desktop\HOW_TO_DECYPHER_FILES.txt

Family

hakbit

Ransom Note

To recover your data contact the email below [email protected] Key Identifier: DoRp1bNbR+0u8nAXZq6yR1MuD7swsEi7AUMTvFNXIdtunlMuVfE9c87XyaS/3N5UEoJtX+pZfw+t/qKp4cWqdiOGI0Gk8/9UtN/gVnoBCrHpkTER0C72CJbLpeLvzRN8Snr2M0arNqmpKoNMW4al/rLSe91Rb5pnXclS3TA80YjqSpWihGYFrePPP0jNN2p8c4cQSg/oA0FpHKHrJC8eFmqUtjj6mQXy5E60knAue0Vw8QPIW+ybfo7VbGi+m92yGm23n6/FfBEb4zuLiOklT8sliH7XvrIMe3QfeB/vj89mHP1ArecRRNxVirKxxL1wxyxwGKK2cQuDrt6kvjkoTeMwhYk9Kx+TCsOlYX0aR18Nrj/Zy8HsA0Odj0CR4zdj1ZcFgEzDI/mJYe47AQjleE7+SqYkJnUJ3CHO8Na30rMfHrSrOWTPOsn0o9h4csLDr3kNkRf7hODoFgHtcGkzfeaGQa2iUMpZRh2DVX8HqgWGS3Dt9zWub5+H6Wkf5fUL1fIdOvvlGynfBexK8ZjTuqJCOzZuilv5P2FHTrxOh3XhI1A+qyLzwjg7AWrXKxos1mIIfs030xl/B+JL2hsZEdo7qx8mdCF2gbMADgKphZjmcyNlL3md9ezXFCPCX/86jUBhxijS59rsvPEm4Hz2L9DcA7BW8cObAybJqelRQro= Number of files that were processed is: 430

Emails

[email protected]

Targets

- Target
  
  69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b.exe
- Size
  
  80KB
- MD5
  
  8152a3d0d76f7e968597f4f834fdfa9d
- SHA1
  
  c3cf05f3f79851d3c0d4266ab77c8e3e3f88c73e
- SHA256
  
  69c56d12ed7024696936fb69b4c6bee58174a275cb53fa966646a0b092d9626b
- SHA512
  
  eb1a18cb03131466a4152fa2f6874b70c760317148684ca9b95044e50dc9cd19316d6e68e680ce18599114ba73e75264de5dab5afe611165b9c6c0b5f01002b4
- SSDEEP
  
  1536:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/suIicRtpNf8SgRXt+AacRDVX8C4OntD4acN:SHbigeMiIeMfZ7tOBbFv0CIG0dDh/su0
Score

10^/10

hakbit credential_access defense_evasion discovery execution ransomware spyware stealer
- Disables service(s)
  defense_evasion execution
- Hakbit
  Ransomware which encrypts files using AES, first seen in November 2019.
  ransomware hakbit
- Hakbit family
  hakbit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2