General

  • Target

    32Bit.bin.zip

  • Size

    9.4MB

  • Sample

    200913-jegg8khgp2

  • MD5

    fbff96658807e1f7108856b6579566f3

  • SHA1

    901564760d06cefb6cd9d19b6c3df7aecb827976

  • SHA256

    bf536ce5dda81ac7309daddf5116d8fe374656f04e65ca9d02751d0fc88c1228

  • SHA512

    b23935545bbef08eff509aa251d335fdddb38c111db9c1e20d2b691c3fa9a6a78ca904ac40575abe8826525709b61280a94828118263b1a1fd64b075caa333e3

Score
10/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\!! YOUR FILES HAS BEEN ENCRYPTED !!.txt

Family

crypt32

Ransom Note
Your files has been encrypted by ransomware! and You can't decrypt with money. Please install heroes of the storm to decrypt your files. Attention: DO NOT TURN OFF YOUR PC! IF YOU TURNED OFF YOUR PC, YOU WON'T ABLE TO DECRYPT YOUR FILES! Emergency contact: BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch Warning - Any attmpt of decryption file will delete your private key. 당신의 파일들은 랜섬웨어에 의해 암호화되었습니다. 그리고 돈을 줘도 풀 수 없습니다. 히어로즈 오브 더 스톰을 설치해서 파일들을 복호화하세요. 경고: PC를 끄지 마세요! PC를 끄면 파일을 복원할 수 없습니다! 긴급 연락 이메일: BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch 경고: 복호화를 시도하면 파일들은 절대 다시 풀 수 없습니다.
Emails

BM-2cT4ifo6SY9QW7gPUJ4EvfeBrJM5jWR4TQ@bitmessage.ch

Targets

    • Target

      32Bit.bin

    • Size

      9.7MB

    • MD5

      62ecfb090d4512c4be0d8abb2d18a5a2

    • SHA1

      b4584b1f9e2d72c71515d07378aa4b584612fa49

    • SHA256

      9f52465538d7c804116e77fab868a87c85d318ffc8970fe7e8a2c846d97a1f74

    • SHA512

      68af16cf93f7043ecc5a46190a02e9335795675e8836148d6f7fa04934d0f3b6652d5b3e612f6ea6059d7380ebb9229dd3f24ac9b8505454d1a6f85914230438

    Score
    10/10
    • Crypt32 Ransomware

      JavaScript "fan-extortionist" malware that demands victims install Heroes of the Storm instead of paying a monetary ransom. Uses the Crypto-JS library for encryption.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • JavaScript code in executable

MITRE ATT&CK Matrix

Tasks