c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013

General

Target

c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe
Size

69KB
MD5

945a97ecbc3ef0845a3156c55e7b4092
SHA1

f1a02467fbe897a44da3604185be03cd51461b55
SHA256

c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013
SHA512

80cb194761b181fe0e0c0bec1f70bc8e6839e05ab9e89ca1d437fc442d8fddf025afe39bae65606ad7eedc0aaf22999353823db83611c76a29c51f8718130813

Score

10^/10

ransomware spyware

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-910373003-3952921535-3480519689-1000\WYFQSG-HOW-TO-FIX.TXT

Ransom Note

Hello. Some of your files have been encrypted with the .wYFqSG file extension. in order to decrypt them, please contact us via https://licky.org. how to set up a licky account: open "https://licky.org" in a web browser (Google prefered) then click "Sign up here" and create a username and password. After that, you should be in. At the top it should say "Enter a username#0000" type in: Hacker47817628648971#4166 an "Error" message should pop up, ignore it! we will get back to you sometime later. if no answer in week email us:Hacker47817628648971@airmail.cc PLEASE AFTER CONTACT MADE UNLESS EMAIL - PASTE YOUR "PERSONAL" WE CANNOT DECRYPT FILE WITHOUT IT! DO NOT EDIT! -------------------------------- PERSONAL -------------------------------- LndZRnFTRz5BZG1pbkBESlJXR0RMWkBESlJXR0RMWnxjNHhzenFTejM2bUdBd2NoRDgwSXVSZDhj SGtSUHRnZlZoYS9FWGNydnhvT3BGcitjUXNkZlR0a3hHRDZWdHFaUDFhSDdzQmplTDVHNDdJenZ4 THo1V2l6SDF5UlpOZnNBelR2bFBLdm1xdk10eWdCazZsb0VpekxHMXc1a3RNM1U4OHVzMzJLa2Zp U290cDZ4RC9VZWUrSWM3bnJsdnBGWlNhb1BaNTQ1SXRZeGRJcU1jbTJiaWRqT2dtcU9pdUJGN0Nr VWM2UjhRNEF4eDI3SC9OWGVZTUZITXdwN1ZuY1lZM3poYlJMWU9lUjlmNitTOWp4WjNQN3dmUXlk Vm5zVmtvRXVRRzVwNXNnZjVnKzlwbWNremNHVXlBdGUvQ0ptNDB6YVBJcHRuVld1YWZvbkxoL0hv azU1bTcvUTJ0ZEh1bmg2b0FLdmROZXpQWEplaEduK2c9PQ== --------------------------------------------------------------------------

Emails

us:Hacker47817628648971@airmail.cc

URLs

https://licky.org

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

description	ioc	process
File created	C:\Program Files\WYFQSG-HOW-TO-FIX.TXT	c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe
File created	C:\Program Files (x86)\WYFQSG-HOW-TO-FIX.TXT	c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware

Data from Local System
T1005

Credentials in Files
T1081
Drops file in Windows directory 1 IoCs

Processes:

c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

description ioc process

File created C:\Windows\WYFQSG-HOW-TO-FIX.TXT c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

description	ioc	process
File created	C:\Windows\WYFQSG-HOW-TO-FIX.TXT	c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

C:\Users\Admin\AppData\Local\Temp\c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe
"C:\Users\Admin\AppData\Local\Temp\c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:1356

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v6

Replay Monitor

Loading Replay Monitor...

Downloads