General

  • Target

    https://github.com/Da2dalus/The-MALWARE-Repo

  • Sample

    250515-pahzravpx9

Malware Config

Extracted

Path

C:\Users\Public\R3ADM3.txt

Ransom Note
YOUR ALL DATA HAVE BEEN ENCRYPTED!
We have encrypted your side entire data. The only way to decrypt your files is to receive the private key and decryption program. To receive the private key and decryption program, you must contact us.
We guarantee that you can recover all your files safely and easily. But you have not so enough time. You can decrypt some of your files for free when you contact us.
You Only Have 7 Days To Contact Us!

How to contact us
1. Download "Tor Browser" and install it.
2. In the "Tor Browser" open this site here : http://jzbhtsuwysslrzi2n5is3gmzsyh6ayhm7jt3xowldhk7rej4dqqubxqd.onion
3. After login with below Client ID to this site and contact Manger
Client ID : 681ded4c9edfa0e65fca67c8
You need to contact "Manager" to recover all your data successfully.

!!!DANGER !!!
DO NOT MODIFY or try to RECOVER any files yourself. We WILL NOT be able to RESTORE them.
And also you can get info about us below this url.
Data publish : http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion
Don't share your client ID with the third-party guys, you can get scammed by fake decryptors.
!!!DANGER !!!
URLs

http://jzbhtsuwysslrzi2n5is3gmzsyh6ayhm7jt3xowldhk7rej4dqqubxqd.onion

http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion

Targets

    • Target

      https://github.com/Da2dalus/The-MALWARE-Repo

    • Renames multiple (1744) files with added filename extension

      Renaming a large number of files by appending a new extension is characteristic of ransomware encrypting files across the system.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to the Windows Credential Manager credential history.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other secrets.

    • Drops desktop.ini file(s)
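The two observations above that a responder acts on first are the dropped ransom note (its .onion contact URLs and Client ID are the indicators to pivot on) and the mass rename of 1744 files with an added extension. The script below is an added triage example, not part of the sandbox report or the repository it analysed: it parses the ransom note text exactly as extracted on this page, and it runs the "many files renamed with the same appended extension" heuristic over a constructed list of rename events. The appended extension ".locked", the benign rename events, the event count and the alert threshold of 100 are assumptions for illustration; the report does not name the extension this sample uses.

```python
import re
from collections import Counter

# Ransom note text as extracted on this page (dropped at C:\Users\Public\R3ADM3.txt).
RANSOM_NOTE = (
    "YOUR ALL DATA HAVE BEEN ENCRYPTED! We have encrypted your side entire data. "
    "The only way to decrypt your files is to receive the private key and decryption "
    "program. To receive the private key and decryption program, you must contact us. "
    "You Only Have 7 Days To Contact Us! How to contact us 1. Download \"Tor Browser\" "
    "and install it. 2. In the \"Tor Browser\" open this site here : "
    "http://jzbhtsuwysslrzi2n5is3gmzsyh6ayhm7jt3xowldhk7rej4dqqubxqd.onion "
    "3. After login with below Client ID to this site and contact Manger "
    "Client ID : 681ded4c9edfa0e65fca67c8 You need to contact \"Manager\" to recover "
    "all your data successfully. !!!DANGER !!! DO NOT MODIFY or try to RECOVER any "
    "files yourself.We WILL NOT be able to RESTORE them. And also you can get info "
    "about us below this url. Data publish : "
    "http://gunrabxbig445sjqa535uaymzerj6fp4nwc6ngc2xughf2pedjdhk4ad.onion "
    "Don't share your client ID with the third-party guys, you can get scammed by "
    "fake decryptors. !!!DANGER !!!"
)

# v3 onion addresses are 56 base32 characters; allow shorter legacy forms too.
ONION_RE = re.compile(r"https?://[a-z2-7]{16,56}\.onion\b")
# The note labels the victim identifier "Client ID : <24 hex chars>".
CLIENT_ID_RE = re.compile(r"Client ID\s*:\s*([0-9a-f]{24})\b")


def parse_ransom_note(text):
    """Pull the pivotable indicators out of a ransom note: onion URLs and Client ID."""
    urls = sorted(set(ONION_RE.findall(text)))
    match = CLIENT_ID_RE.search(text)
    return {"onion_urls": urls, "client_id": match.group(1) if match else None}


def added_extension(old_path, new_path):
    """Return the suffix appended to old_path to form new_path (e.g. '.locked'),
    or None when the rename is not simply old name + '.<ext>'."""
    if new_path.startswith(old_path) and len(new_path) > len(old_path):
        suffix = new_path[len(old_path):]
        if suffix.startswith(".") and len(suffix) > 1:
            return suffix
    return None


def detect_mass_rename(events, threshold=100):
    """Count renames per appended extension over (old_path, new_path) events and
    return the extensions seen at least `threshold` times. A single extension
    appended to hundreds of files is the encryption pattern flagged above."""
    counts = Counter()
    for old_path, new_path in events:
        suffix = added_extension(old_path, new_path)
        if suffix:
            counts[suffix] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def make_sample_events(count=1744, ext=".locked"):
    """Constructed rename events: `count` encrypted-style renames plus a few benign
    ones that must not trigger the heuristic. The extension is an assumption."""
    events = [(f"C:\\Users\\Public\\Documents\\file{i}.docx",
               f"C:\\Users\\Public\\Documents\\file{i}.docx{ext}")
              for i in range(count)]
    events.append(("C:\\Users\\Public\\report.docx", "C:\\Users\\Public\\report_v2.docx"))
    events.append(("C:\\Users\\Public\\notes.txt", "C:\\Users\\Public\\notes.txt.bak"))
    return events


if __name__ == "__main__":
    print(parse_ransom_note(RANSOM_NOTE))
    print(detect_mass_rename(make_sample_events()))
```

The rename heuristic deliberately ignores renames that change the stem (report.docx to report_v2.docx) and one-off backup suffixes, so on the constructed input it reports only the assumed ".locked" extension with its count of 1744. In a real investigation the events would come from Sysmon Event ID 11 or file-system audit logs rather than a constructed list.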

MITRE ATT&CK Enterprise v16

Tasks