Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor
Common Information
Type | Value |
---|---|
UUID | f14d43c2-be63-4ee8-b54e-0becbe69447c |
Fingerprint | d742c2b0d3786d1 |
Analysis status | DONE |
Considered CTI value | 2 |
Text language | |
Published | June 26, 2018, 11 a.m. |
Added to db | Sept. 26, 2022, 9:31 a.m. |
Last updated | Nov. 18, 2024, 5:19 p.m. |
Headline | Vulnerability Information |
Title | Files Cannot Be Decrypted? Challenge Accepted. Talos Releases ThanatosDecryptor |
Detected Hints/Tags/Attributes | 65/1/25 |
Source URLs
Redirection | Url | |
---|---|---|
Details | Source | https://blog.talosintelligence.com/2018/06/ThanatosDecryptor.html |
Attributes
Details | Type | #Events | CTI | Value |
---|---|---|---|---|
Details | Domain | 112 | cdn.discordapp.com |
Details | Domain | 14 | iplogger.com |
Details | Domain | 904 | snort.org |
Details | File | 368 | readme.txt |
Details | File | 2 | fastleafdecay.exe |
Details | File | 2 | thanatosdecryptor.exe |
Details | File | 10 | c:\\windows\\system32\\notepad.exe |
Details | File | 1 | x00.exe |
Details | Pdb | 1 | c:\users\artur\desktop\csharp - js\косте пизда\release\thanatos.pdb |
Details | Pdb | 1 | d:\work\thanatos\release\thanatos.pdb |
Details | Pdb | 1 | d:\работа\локер шифровчик\thanatos-master\debug\thanatos.pdb |
Details | Url | 1 | https://cdn.discordapp.com/attachments/230687913581477889/424941165339475968/fastleafdecay.exe |
Details | Url | 1 | http://iplogger.com:80/1cutm6 |
Details | Url | 1 | http://iplogger.com:80/1t3i37 |
Details | Windows Registry Key | 188 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run |
Details | Yara rule | 1 | rule Thanatos { strings: $s1 = ".THANATOS\x00" $s2 = "\\Desktop\\README.txt" $s3 = "C:\\Windows\\System32\\notepad.exe C:\\Users\\" $s4 = "AppData\\Roaming" $s5 = "\\Desktop\x00" $s6 = "\\Favourites\x00" $s7 = "\\OneDrive\x00" $s8 = "\\x00.exe\x00" $s9 = "/c taskkill /im" $s10 = "Software\\Microsoft\\Windows\\CurrentVersion\\Run" condition: 6 of ($s1, $s2, $s3, $s4, $s5, $s6, $s7, $s8, $s9, $s10) } |