General
Target: https://github.com/Da2dalus/The-MALWARE-Repo
Sample: 250515-pahzravpx9
Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1
Sample: https://github.com/Da2dalus/The-MALWARE-Repo
Resource: win10v2004-20250502-en
Signatures: 19
Duration: 150 seconds
Malware Config
Extracted
Path: C:\Users\Public\R3ADM3.txt
Ransom Note:
YOUR ALL DATA HAVE BEEN ENCRYPTED!
We have encrypted your side entire data.
The only way to decrypt your files is to receive the private key and decryption program.
To receive the private key and decryption program, you must contact us.
We guarantee that you can recover all your files safely and easily. But you have not so enough time.
You can decrypt some of your files for free when you contact us.
You Only Have 7 Days To Contact Us!
How to contact us
1. Download "Tor Browser" and install it.
2. In the "Tor Browser" open this site here :
http://jzbhtsuwysslrzi2n5is3gmzsyh6ayhm7jt3xowldhk7rej4dqqubxqd.onion
3. After login with below Client ID to this site and contact Manger
Client ID : 681ded4c9edfa0e65fca67c8
You need to contact "Manager" to recover all your data successfully.
!!!DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself.We WILL NOT be able to RESTORE them.
And also you can get info about us below this url.
Data publish : http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion
Don't share your client ID with the third-party guys, you can get scammed by fake decryptors.
!!!DANGER !!!
URLs
http://jzbhtsuwysslrzi2n5is3gmzsyh6ayhm7jt3xowldhk7rej4dqqubxqd.onion
http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion
Targets
Target: https://github.com/Da2dalus/The-MALWARE-Repo
Signatures:
Renames multiple (1744) files with added filename extension
    This suggests ransomware activity of encrypting all the files on the system.
Credentials from Password Stores: Windows Credential Manager
    Suspicious access to Credentials History.
Drops startup file
Executes dropped EXE
Drops desktop.ini file(s)
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores: 2
    Credentials from Web Browsers: 1
    Windows Credential Manager: 1
Unsecured Credentials: 1
    Credentials In Files: 1