333228ab18216ac15c4e52529b43efb7364502b588d93d41e964789a5f081373

General

Target

9be3b8dff2d24146e732fa8f81b1a56860b579622e31c991ceaf847ade9717ae.zip
Size

275KB
Sample

201026-n4fypbhbmn
MD5

e10141efbb389f9d30ef6346f4be3318
SHA1

ce3af708f3375049fb39321ac93a5a3cc4b3125c
SHA256

333228ab18216ac15c4e52529b43efb7364502b588d93d41e964789a5f081373
SHA512

c9f28cc5295cce556b71c4935dfbbd2fa8459337ec49856b373b312f5b7b3b216203632ebbad8c998f693b2bba025812e936a6f02d212f112ff3c4496a9212aa

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README_encrypted.txt

Ransom Note

ATTENTION!!! ALL YOUR FILES HAVE BEEN ENCRYPTED YOU HAVE TO PAY $1000 DOLLARS TO UNLOCK YOUR FILES. PLEASE CONTACT <insert onion site here>.onion using Tor Browser. Make sure to provide the metadata.bin file that you can find in your user folder.

Targets

- Target
  
  9be3b8dff2d24146e732fa8f81b1a56860b579622e31c991ceaf847ade9717ae
- Size
  
  592KB
- MD5
  
  2bc8eb9cd7e24da82800105ce3fc52e7
- SHA1
  
  1b75ab3c677b082fae270da1e8d0d2841837d67a
- SHA256
  
  9be3b8dff2d24146e732fa8f81b1a56860b579622e31c991ceaf847ade9717ae
- SHA512
  
  ded152931da733433c4b6921313019cae0749bdff91d19bddf489478547628b3a4dcf42438515c83e965b38c7ce256cdba408fe22b68777c583cae014e5d2903
Score

10^/10

ransomware spyware persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Modifies service
  persistence
behavioral1 behavioral2