Overview

overview

10

Static

static

c893c83ac9...in.exe

windows7_x64

10

c893c83ac9...in.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    44s
  • platform
    windows7_x64
  • resource
    win7v200430
  • submitted
    03/06/2020, 18:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe

  • Size

    69KB

  • MD5

    945a97ecbc3ef0845a3156c55e7b4092

  • SHA1

    f1a02467fbe897a44da3604185be03cd51461b55

  • SHA256

    c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013

  • SHA512

    80cb194761b181fe0e0c0bec1f70bc8e6839e05ab9e89ca1d437fc442d8fddf025afe39bae65606ad7eedc0aaf22999353823db83611c76a29c51f8718130813

Score
10/10
ransomwarespyware

Malware Config

Extracted

Path

C:\$Recycle.Bin\S-1-5-21-910373003-3952921535-3480519689-1000\WYFQSG-HOW-TO-FIX.TXT

Ransom Note
Hello. Some of your files have been encrypted with the .wYFqSG file extension. in order to decrypt them, please contact us via https://licky.org. how to set up a licky account: open "https://licky.org" in a web browser (Google prefered) then click "Sign up here" and create a username and password. After that, you should be in. At the top it should say "Enter a username#0000" type in: Hacker47817628648971#4166 an "Error" message should pop up, ignore it! we will get back to you sometime later. if no answer in week email us:[email protected] PLEASE AFTER CONTACT MADE UNLESS EMAIL - PASTE YOUR "PERSONAL" WE CANNOT DECRYPT FILE WITHOUT IT! DO NOT EDIT! -------------------------------- PERSONAL -------------------------------- LndZRnFTRz5BZG1pbkBESlJXR0RMWkBESlJXR0RMWnxjNHhzenFTejM2bUdBd2NoRDgwSXVSZDhj SGtSUHRnZlZoYS9FWGNydnhvT3BGcitjUXNkZlR0a3hHRDZWdHFaUDFhSDdzQmplTDVHNDdJenZ4 THo1V2l6SDF5UlpOZnNBelR2bFBLdm1xdk10eWdCazZsb0VpekxHMXc1a3RNM1U4OHVzMzJLa2Zp U290cDZ4RC9VZWUrSWM3bnJsdnBGWlNhb1BaNTQ1SXRZeGRJcU1jbTJiaWRqT2dtcU9pdUJGN0Nr VWM2UjhRNEF4eDI3SC9OWGVZTUZITXdwN1ZuY1lZM3poYlJMWU9lUjlmNitTOWp4WjNQN3dmUXlk Vm5zVmtvRXVRRzVwNXNnZjVnKzlwbWNremNHVXlBdGUvQ0ptNDB6YVBJcHRuVld1YWZvbkxoL0hv azU1bTcvUTJ0ZEh1bmg2b0FLdmROZXpQWEplaEduK2c9PQ== --------------------------------------------------------------------------
Emails

us:[email protected]

URLs

https://licky.org

Signatures

  • Drops file in Program Files directory 2 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware
  • Drops file in Windows directory 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\c893c83ac960a9b172eca645462eab2594c66b9813255095d0d6bd930cd6d013.bin.exe"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    PID:1356

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads