General

  • Target

    86d812544f8e250f1b52a4372aaab87565928d364471d115d669a8cc7ec50e17.zip

  • Size

    743KB

  • Sample

    250317-rxcglavqw7

  • MD5

    d177c4d3057f4892382351fc3fa44a31

  • SHA1

    868d6c6282a252205998f0d85dfb859558183b78

  • SHA256

    799c6fe504001596a28fa37f5c5fac6e4612394a764f199c6b46fdd31724d6dd

  • SHA512

    5b2767d7a5326694ba079f2787b3f1f5d56c2342d25914e6aff48c2d5adda418378aa88f50748ccf7bfcdd430d88235d3fc459760d9b8ddb118529a545692f49

  • SSDEEP

    12288:FyUyRnJLhkesII9c/o44mSXVHHaeVjEQnNQ6C6HfqyPbRjvQxBmNNWBrbcba4+Ol:FynRJLhkespi4JVH6eVAQnNP5/fRjvhB

Malware Config

Extracted

  • Path

    C:\ProgramData\Adobe\Acrobat\9.0\README.txt

  • Ransom Note

    --= No news is a good news ! =--

    Your network has been breached and all your files Personal data, financial reports and important documents has been stolen , encrypted and ready to publish to public, if you willing to continue your bussines and make more money and keep bussines secret safe you need to restore your files first, And to restore all your files you have to pay the ransom in Bitcoin.

    don't bother your self and wast your time or make it more harder on your bussines , we developed a locker that can't be decrypted using third part decrypters . making your self geek and trying to restore the files with third part decrypter this will leads to lose all your date ! and then the even you pay the ransom can't help you to restore your files even us.

    to chat with us :
    1 - Download tor browser https://www.torproject.org/download/
    2 - go to one of these links above
    http://vanhelcbxqt4tqie6fuevfng2bsdtxgc7xslo2yo7nitaacdfrlpxnqd.onion
    http://vanhelqmjstkvlhrjwzgjzpq422iku6wlggiz5y5r3rmfdeiaj3ljaid.onion
    http://vanhelsokskrlaacilyfmtuqqa5haikubsjaokw47f3pt3uoivh6cgad.onion
    http://vanheltarnbfjhuvggbncniap56dscnzz5yf6yjmxqivqmb5r2gmllad.onion
    3 - you will be asked for your ticket id to enter the chat this for you :
    TICKET ID 77565753618715415149

    usefull links :
    #OUR TOR BLOG :
    http://vanhelvuuo4k3xsiq626zkqvp6kobc2abry5wowxqysibmqs5yjh4uqd.onion
    http://vanhelwmbf2bwzw7gmseg36qqm4ekc5uuhqbsew4eihzcahyq7sukzad.onion
    http://vanhelxjo52qr2ixcmtjayqqrcodkuh36n7uq7q7xj23ggotyr3y72yd.onion
Targets

    • Target

      86d812544f8e250f1b52a4372aaab87565928d364471d115d669a8cc7ec50e17.exe

    • Size

      1.4MB

    • MD5

      5c254d25751269892b6f02d6c6384aef

    • SHA1

      79106dd259ba5343202c2f669a0a61b10adfadff

    • SHA256

      86d812544f8e250f1b52a4372aaab87565928d364471d115d669a8cc7ec50e17

    • SHA512

      ebde8f69487bf89570169fad50b494afb8859caf309bc6dde05979881100daebbcd38873277dc45f0108715f70418b3c9364909ec5a8bcb0ec2faac815a2f11e

    • SSDEEP

      24576:lVN4zWHoN+fFqqPuD6Iedm2q3QKtgNIGqvKD9McwPDCkw6Bh0lhSMXlemqth5yR1:Fo5+fFqgdh02q3ntgNLqw9nwPDC7bODU

    • Renames multiple (225) files with added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks