TT Malware Log

A personal investigation, research and reference log on malware / cyber attacks / analysis techniques

Cynet Ransomware Report: Mespinoza

【Overview】

Item Value
MD5 83e1ca89bcd55a87f826bc6901ff7f3e
SHA-1 d0db4d232331234f0c430008a4320c0dea993c20
SHA-256 4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b
Vhash 055076655d551d15556068z5dhz13z2fz
Authentihash 06c5529542c2879ca08c10ba0daec99afd0a19723d5c3590c36f84d91e70b99b
Imphash b5e8bd2552848bb7bf2f28228d014742
Magic bytes 4D 5A 90 00 03 00 00
SSDEEP 12288:HDMUibBYoo+OeO+OeNhBBhhBB7TRU+FR+q1mITXijBs0Fa:jMUiFTTRU+3+qAILOj
File size 500.00 KB (512000 bytes)
File type PE32 executable Win32 EXE


【Blog】

◆Cynet Ransomware Report: Mespinoza (Cynet, 2021/07/05)
[A ransomware report published by Cynet]

Ransomware: Mespinoza / PYSA
Ransomnote: Readme.txt

https://www.cynet.com/attack-techniques-hands-on/cynet-ransomware-report-mespinoza/


【Search】

google: 83e1ca89bcd55a87f826bc6901ff7f3e
google: d0db4d232331234f0c430008a4320c0dea993c20
google: 4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b
google:news: 83e1ca89bcd55a87f826bc6901ff7f3e
google:news: d0db4d232331234f0c430008a4320c0dea993c20
google:news: 4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b


【VT Search】

https://www.virustotal.com/gui/file/83e1ca89bcd55a87f826bc6901ff7f3e
https://www.virustotal.com/gui/file/d0db4d232331234f0c430008a4320c0dea993c20
https://www.virustotal.com/gui/file/4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b


【Leak site】

Wqmfzni2nvbbpk25.onion


【Related summary articles】

Overall summaries
 ◆Malware (summary)
  ◆Ransomware (summary)

◆Mespinoza / PYSA (summary)
https://malware-log.hatenablog.com/entry/Mespinoza

 ◆Incidents (summary)

◆Double extortion (summary)
https://malware-log.hatenablog.com/entry/Double_extortion


【Indicator information】

■Hash information (SHA-256)
4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b
8b4b233e87c61c8698e086b376da640c9ab2ecd71c58b1f6a2eceb60b7e1a691
f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
1e2009549452ed6b524b94ed683079ee60c2b9542b1bfd5b9ee42e9161d5e7c8
48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3
0f0014669bc10a7d87472cafc05301c66516857607b920ddeb3039f4cb8f0a50
e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead
61bb42fe06b3511d512af33ef59baa295b29bd62eb4d0bf28639c7910a65e4ae
425945a93beb160f101d51de36363d1e7ebc45279987c3eaf5e7f183ed0a3776
a18c85399cd1ec3f1ec85cd66ff2e97a0dcf7ccb17ecf697a5376da8eda4d327
5510ae74b7e2a10fdafa577dc278612f7796b0252b7d1438615e26c49e1fc560
1a0ff707938a1399e23af000567806a87fff9b8789ae43badb4d28d4bef1fb81
b1381635c936e8de92cfa26938c80a359904c1d709ef11ee286ba875cfb7b330
(The above is Cynet's information; source: https://www.cynet.com/attack-techniques-hands-on/cynet-ransomware-report-mespinoza/ )


【Search】

google: 4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b
google: 8b4b233e87c61c8698e086b376da640c9ab2ecd71c58b1f6a2eceb60b7e1a691
google: f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
google: 1e2009549452ed6b524b94ed683079ee60c2b9542b1bfd5b9ee42e9161d5e7c8
google: 48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3
google: 0f0014669bc10a7d87472cafc05301c66516857607b920ddeb3039f4cb8f0a50
google: e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead
google: 61bb42fe06b3511d512af33ef59baa295b29bd62eb4d0bf28639c7910a65e4ae
google: 425945a93beb160f101d51de36363d1e7ebc45279987c3eaf5e7f183ed0a3776
google: a18c85399cd1ec3f1ec85cd66ff2e97a0dcf7ccb17ecf697a5376da8eda4d327
google: 5510ae74b7e2a10fdafa577dc278612f7796b0252b7d1438615e26c49e1fc560
google: 1a0ff707938a1399e23af000567806a87fff9b8789ae43badb4d28d4bef1fb81
google: b1381635c936e8de92cfa26938c80a359904c1d709ef11ee286ba875cfb7b330


【VT Search】

https://www.virustotal.com/gui/file/4dc802894c45ec4d119d002a7569be6c99a9bba732d0057364da9350f9d3659b
https://www.virustotal.com/gui/file/8b4b233e87c61c8698e086b376da640c9ab2ecd71c58b1f6a2eceb60b7e1a691
https://www.virustotal.com/gui/file/f0939ebfda6b30a330a00c57497038a54da359e316e0d6e6e71871fd50fec16a
https://www.virustotal.com/gui/file/1e2009549452ed6b524b94ed683079ee60c2b9542b1bfd5b9ee42e9161d5e7c8
https://www.virustotal.com/gui/file/48355bd2a57d92e017bdada911a4b31aa7225c0b12231c9cbda6717616abaea3
https://www.virustotal.com/gui/file/0f0014669bc10a7d87472cafc05301c66516857607b920ddeb3039f4cb8f0a50
https://www.virustotal.com/gui/file/e9662b468135f758a9487a1be50159ef57f3050b753de2915763b4ed78839ead
https://www.virustotal.com/gui/file/61bb42fe06b3511d512af33ef59baa295b29bd62eb4d0bf28639c7910a65e4ae
https://www.virustotal.com/gui/file/425945a93beb160f101d51de36363d1e7ebc45279987c3eaf5e7f183ed0a3776
https://www.virustotal.com/gui/file/a18c85399cd1ec3f1ec85cd66ff2e97a0dcf7ccb17ecf697a5376da8eda4d327
https://www.virustotal.com/gui/file/5510ae74b7e2a10fdafa577dc278612f7796b0252b7d1438615e26c49e1fc560
https://www.virustotal.com/gui/file/1a0ff707938a1399e23af000567806a87fff9b8789ae43badb4d28d4bef1fb81
https://www.virustotal.com/gui/file/b1381635c936e8de92cfa26938c80a359904c1d709ef11ee286ba875cfb7b330


Copyright (C) 谷川哲司 (Tetsuji Tanigawa) 1997 - 2022