81eb62b4d44a816986434bcf657286b7adee416e480b27fc313a8e8cd8461cf1

General

Target

WQW6HU4YD5
Size

692KB
Sample

250327-ewh7jaxtdz
MD5

646ca225a9bfa980b143fde9845f32b7
SHA1

5ada0fd44beef0e3b8d0bfb3889b0337d67dccac
SHA256

81eb62b4d44a816986434bcf657286b7adee416e480b27fc313a8e8cd8461cf1
SHA512

542b86e7a0558620927608a55cf0f651879d1c8d5041d013d8d3be205808fcf885c580fe90a7e97bc0a622730b498661539062591e5864a868b7179f6bea9657
SSDEEP

12288:rI4+9t5TIh1UDUggLNTvVOUjqCl2vG9y0tpVufz/p49Dc/s5HVY81:rZAt5TIbUy5jqCeQDepYDysZ1

Score

10^/10

Malware Config

Extracted

Path

/run/initramfs/readme_unlock.html

Ransom Note

文件加密信息警告：请妥善保管此文件，密钥丢失将导致无法解密文件！ 1.我们对您的文件没有任何兴趣，您的文件对我们没有任何价值，我们只想获得我们工作的报酬！ 2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！ 3.我们可以提供免费的解密测试，可以在邮件中发送需要解密的测试文件，测试文件只能是没有价值的文件！ 4.我们对在一周内联系并且付款的用户提供%50的优惠价格！ 5.加密后的文件在这个世界上只有我们能完成解密，任何宣称能完成解密的机构均为中间商，他们会在我们的售价基础上收取昂贵的差价！ 6.目前解密工具的售价仅为800USDT，请尽快联系我们完成解密。邮箱：[email protected] 7.发送邮件联系我们时请带上下方的加密密钥，我们收到货款后会为您根据密钥定制解密工具！ Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key! 加密密钥: MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功！加密时间: 2025-03-27 04:19:00 function copyKey() { var keyText = document.getElementById('key-text').innerText; navigator.clipboard.writeText(keyText).then(function() { var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); }).catch(function(err) { // 如果clipboard API不可用，使用传统方法 var textArea = document.createElement('textarea'); textArea.value = keyText; document.body.appendChild(textArea); textArea.select(); try { document.execCommand('copy'); var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); } catch (err) { alert('复制失败，请手动复制'); } document.body.removeChild(textArea); }); }

Emails

2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！

：[email protected]

[email protected]

Extracted

Path

/run/initramfs/readme_unlock.html

Ransom Note

文件加密信息警告：请妥善保管此文件，密钥丢失将导致无法解密文件！ 1.我们对您的文件没有任何兴趣，您的文件对我们没有任何价值，我们只想获得我们工作的报酬！ 2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！ 3.我们可以提供免费的解密测试，可以在邮件中发送需要解密的测试文件，测试文件只能是没有价值的文件！ 4.我们对在一周内联系并且付款的用户提供%50的优惠价格！ 5.加密后的文件在这个世界上只有我们能完成解密，任何宣称能完成解密的机构均为中间商，他们会在我们的售价基础上收取昂贵的差价！ 6.目前解密工具的售价仅为800USDT，请尽快联系我们完成解密。邮箱：[email protected] 7.发送邮件联系我们时请带上下方的加密密钥，我们收到货款后会为您根据密钥定制解密工具！ Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key! 加密密钥: MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功！加密时间: 2025-03-27 04:19:30 function copyKey() { var keyText = document.getElementById('key-text').innerText; navigator.clipboard.writeText(keyText).then(function() { var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); }).catch(function(err) { // 如果clipboard API不可用，使用传统方法 var textArea = document.createElement('textarea'); textArea.value = keyText; document.body.appendChild(textArea); textArea.select(); try { document.execCommand('copy'); var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); } catch (err) { alert('复制失败，请手动复制'); } document.body.removeChild(textArea); }); }

Emails

2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！

：[email protected]

[email protected]

Extracted

Path

/run/udev/data/readme_unlock.html

Ransom Note

文件加密信息警告：请妥善保管此文件，密钥丢失将导致无法解密文件！ 1.我们对您的文件没有任何兴趣，您的文件对我们没有任何价值，我们只想获得我们工作的报酬！ 2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！ 3.我们可以提供免费的解密测试，可以在邮件中发送需要解密的测试文件，测试文件只能是没有价值的文件！ 4.我们对在一周内联系并且付款的用户提供%50的优惠价格！ 5.加密后的文件在这个世界上只有我们能完成解密，任何宣称能完成解密的机构均为中间商，他们会在我们的售价基础上收取昂贵的差价！ 6.目前解密工具的售价仅为800USDT，请尽快联系我们完成解密。邮箱：[email protected] 7.发送邮件联系我们时请带上下方的加密密钥，我们收到货款后会为您根据密钥定制解密工具！ Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key! 加密密钥: MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功！加密时间: 2025-03-27 04:19:29 function copyKey() { var keyText = document.getElementById('key-text').innerText; navigator.clipboard.writeText(keyText).then(function() { var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); }).catch(function(err) { // 如果clipboard API不可用，使用传统方法 var textArea = document.createElement('textarea'); textArea.value = keyText; document.body.appendChild(textArea); textArea.select(); try { document.execCommand('copy'); var successMsg = document.getElementById('copySuccess'); successMsg.style.display = 'inline'; setTimeout(function() { successMsg.style.display = 'none'; }, 2000); } catch (err) { alert('复制失败，请手动复制'); } document.body.removeChild(textArea); }); }

Emails

2.如果您需要解密文件，请通过[email protected]邮箱联系我们，解密过程非常的简单，最快五分钟即可获取到解密工具！

：[email protected]

[email protected]

Targets

- Target
  
  WQW6HU4YD5
- Size
  
  692KB
- MD5
  
  646ca225a9bfa980b143fde9845f32b7
- SHA1
  
  5ada0fd44beef0e3b8d0bfb3889b0337d67dccac
- SHA256
  
  81eb62b4d44a816986434bcf657286b7adee416e480b27fc313a8e8cd8461cf1
- SHA512
  
  542b86e7a0558620927608a55cf0f651879d1c8d5041d013d8d3be205808fcf885c580fe90a7e97bc0a622730b498661539062591e5864a868b7179f6bea9657
- SSDEEP
  
  12288:rI4+9t5TIh1UDUggLNTvVOUjqCl2vG9y0tpVufz/p49Dc/s5HVY81:rZAt5TIbUy5jqCeQDepYDysZ1
Score

10^/10

antivm credential_access defense_evasion discovery execution persistence privilege_escalation ransomware spyware stealer
- Modifies user home skeleton directory
  Modifies skeleton of initial home directory of newly added system users.
  persistence
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer credential_access discovery
- Reads AppArmor ptrace settings
  Discovery of allowed ptrace capabilities by AppArmor.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
  persistence privilege_escalation defense_evasion
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
  discovery
- Reads network interface configuration
  Fetches information about one or more active network interfaces.
  discovery
- Modifies Bash startup script
  persistence
- Security Software Discovery
  Adversaries may attempt to discover installed security software and its configurations.
  discovery
behavioral1