Resubmissions

29/05/2025, 14:06

250529-remjvasvft 10

26/05/2025, 06:54

250526-hpdv1swqt6 10

General

  • Target

    daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93.exe

  • Size

    426KB

  • Sample

    250526-hpdv1swqt6

  • MD5

    e07b67ebfd8b9628237a9cc955a136fd

  • SHA1

    c623d17c0bbd9fb753328c8d38068ab57f9b9758

  • SHA256

    daa0ac4896cdfdae324b228d5c620fb3ab4a33ff73d991a3587a086c7ffb5e93

  • SHA512

    a3061c67c6ce4d982a4de514c891e3eb1ebe5a5bd471292407921e86f3336f8a7e1e3d2beae353c468b399a5d5b22e5615d1b5c78db19863bb7f410d61d11afc

  • SSDEEP

    6144:tfjw8p8tUwrLrLrLEWXHQtLWd5oNVFq//6751bLV50DEr0Ng/ydlb4fQ6wFMvbZ:pPWQgeVFN8DZNg6dNoQl+v

Malware Config

Extracted

Path

F:\DECRYPT-FILES.html

Ransom Note
<html> <head> <script> function CopyToClipboard(containerid) { if (document.selection) { var range = document.body.createTextRange(); range.moveToElementText(document.getElementById(containerid)); range.select().createTextRange(); document.execCommand("copy"); } else if (window.getSelection) { var range = document.createRange(); range.selectNode(document.getElementById(containerid)); window.getSelection().addRange(range); document.execCommand("copy"); alert("Base64 copied into the clipboard!") } } </script> <style> html{ margin:0; padding:0; width:100%; height:100%; } body { background: #000080; color: #ececec; font-family: Consolas }; .tooltip { position: relative; display: inline-block; border-bottom: 1px dotted black; } .tooltip .tooltiptext { visibility: hidden; width: 120px; background-color: #555; color: #fff; text-align: center; border-radius: 6px; padding: 5px 0; position: absolute; z-index: 1; bottom: 125%; left: 50%; margin-left: -60px; opacity: 0; transition: opacity 0.3s; } .tooltip .tooltiptext::after { content: ""; position: absolute; top: 100%; left: 50%; margin-left: -5px; border-width: 5px; border-style: solid; border-color: #555 transparent transparent transparent; } .tooltip:hover .tooltiptext { visibility: visible; opacity: 1; } p#base64{ -ms-word-break: break-all; word-break: break-all; -webkit-hyphens: auto; -moz-hyphens: auto; -ms-hyphens: auto; hyphens: auto; } p#base64:hover{ cursor: hand; } </style> </head> <body> <table style="position: absolute;" width="100%"> <tr> <td style="width: 25%;"> <span class="left" style="font-size: 14px; font-weight: bold">CODE: <br>------ <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 <br>00000&nbsp;00000 </span> </td> <td style="width: 50%;"> <div style="text-align: center; font-size: 20px;"> <p><s>0010 SYSTEM FAILURE 0010</s></p> 
<p>*********************************************************************************************************************</p> <p>Attention! Your documents, photos, databases, and other important files have been encrypted!</p> <p>*********************************************************************************************************************</p> <br> </div> <div style="text-align: center; font-size: 18px;"> <p>The only way to decrypt your files, is to buy the private key from us.</p> <p>You can decrypt one of your files for free, as a proof that we have the method to decrypt the rest of your data.</p> <p>In order to receive the private key contact us via email: <br> <b>[email protected]</b> </p> <p>Remember to hurry up, as your email address may not be avaliable for very long.<br>Buying the key immediatly will guarantee that 100% of your files will be restored.</p> <p>Below you will see a big base64 blob, you will need to email us and copy this blob to us.<br>you can click on it, and it will be copied into the clipboard.</p> <p>If you have troubles copying it, just send us the file you are currently reading, as an attachment.</p> <br> <p>Base64: </p> </div><div style="text-align: center; font-size: 12px;"><p id="base64" onclick="return CopyToClipboard('base64')" class="tooltip"><span class="tooltiptext">Click here to copy</span></p></div></td><td style="width: 25%; text-align: right;"><span class="right" style="font-size: 14px; font-weight: bold">IMMINENT SHUTDOWN:<br>------<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00<br>00000&nbsp;00000&nbsp;0&nbsp;00</span></td></tr></table></body></html>