5H311 1NJ3C706 is ransomware that operates like a screen locker. In testing, 5H311 1NJ3C706 was not capable of encrypting data. However, a study of its code reveals that it is designed to function as an encryption ransomware Trojan rather than a screen locker.

Payloads

Transmission

5H311 1NJ3C706 might infiltrate the system via malspam campaigns.

Infection

Once the targeted computer is infected, the user is presented with a new window containing the ransom note, which cannot be closed. Researchers discovered that the malware contains encryption code and should append the .5H311 1NJ3C706 extension to files after encrypting them. These attacks target user-generated files, which may include files with the following extensions:

.jpg, .jpeg, .raw, .tif, .gif, .png, .bmp, .3dm, .max, .accdb, .db, .dbf, .mdb, .pdb, .sql, .dwg, .dxf, .cpp, .cs, .h, 
.php, .asp, .rb, .java, .jar, .class, .py, .js, .aaf, .aep, .aepx, .plb, .prel, .prproj, .aet, .ppj, .psd, .indd, .indl, 
.indt, .indb, .inx, .idml, .pmd, .xqx, .xqx, .ai, .eps, .ps, .svg, .swf, .fla, .as3, .as, .txt, .doc, .dot, .docx, .docm, 
.dotx, .dotm, .docb, .rtf, .wpd, .wps, .msg, .pdf, .xls, .xlt, .xlm, .xlsx, .xlsm, .xltx, .xltm, .xlsb, .xla, .xlam, .xll, 
.xlw, .ppt, .pot, .pps, .pptx, .pptm, .potx, .potm, .ppam, .ppsx, .ppsm, .sldx, .sldm, .wav, .mp3, .aif, .iff, .m3u, .m4u, 
.mid, .mpa, .wma, .ra, .avi, .mov, .mp4, .3gp, .mpeg, .3g2, .asf, .asx, .flv, .mpg, .wmv, .vob, .m3u8, .dat, .csv, .efx, 
.sdf, .vcf, .xml, .ses, .qbw, .qbb, .qbm, .qbi, .qbr, .cnt, .des, .v30, .qbo, .ini, .lgb, .qwc, .qbp, .aif, .qba, .tlg, 
.qbx, .qby, .1pa, .qpd, .txt, .set, .iif, .nd, .rtp, .tlg, .wav, .qsm, .qss, .qst, .fx0, .fx1, .mx0, .fpx, .fxr, .fim, 
.ptb, .ai, .pfb, .cgn, .vsd, .cdr, .cmx, .cpt, .csl, .cur, .des, .dsf, .ds4, .drw, .eps, .ps, .prn, .gif, .pcd, .pct, 
.pcx, .plt, .rif, .svg, .swf, .tga, .tiff, .psp, .ttf, .wpd, .wpg, .wi, .raw, .wmf, .txt, .cal, .cpx, .shw, .clk, .cdx, 
.cdt, .fpx, .fmv, .img, .gem, .xcf, .pic, .mac, .met, .pp4, .pp5, .ppf, .nap, .pat, .ps, .prn, .sct, .vsd, .wk3, .wk4, 
.xpm, .zip, .rar.
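
A triage sketch for the behaviour described above, added here as an example and not taken from the malware or from the original page: it finds files carrying the appended extension and compares their leading bytes with the well-known signature of the original file type, to tell a file that was only renamed from one whose content was overwritten. The signature table and the sample files are constructed, and the suffix is assumed to be appended exactly as the page spells it.

```python
import os
import tempfile

# Suffix the page says the malware should append (spelling taken from the page).
SUFFIX = ".5H311 1NJ3C706"

# Well-known leading signatures for a few of the targeted types (not exhaustive).
MAGIC = {
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".gif": b"GIF8",
    ".png": b"\x89PNG\r\n\x1a\n", ".pdf": b"%PDF-", ".psd": b"8BPS",
    ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04",
    ".pptx": b"PK\x03\x04", ".rar": b"Rar!\x1a\x07", ".bmp": b"BM",
}

def classify(path):
    """Return 'intact', 'altered' or 'unknown' for one suffixed file."""
    ext = os.path.splitext(path[: -len(SUFFIX)])[1].lower()
    magic = MAGIC.get(ext)
    if magic is None:
        return "unknown"  # no signature to compare against (e.g. .txt, .csv)
    with open(path, "rb") as fh:
        head = fh.read(len(magic))
    return "intact" if head == magic else "altered"

def triage(root):
    """Map every file under root that carries SUFFIX to its classification."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(SUFFIX.lower()):
                full = os.path.join(dirpath, name)
                results[os.path.relpath(full, root)] = classify(full)
    return results

def demo():
    """Write constructed sample files to a temp dir and triage them."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "photo.png" + SUFFIX: b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # renamed only
            "report.pdf" + SUFFIX: bytes(range(200, 232)),  # content overwritten
            "notes.txt" + SUFFIX: b"hello",                 # no signature known
            "untouched.pdf": b"%PDF-1.7",                   # never touched
        }
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

Files reported as "intact" can usually be recovered by removing the appended suffix; "altered" and "unknown" files need restoring from backup or manual inspection.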

5H311 1NJ3C706 delivers its ransom note in the form of a program window. The ransom note contains the following message:

Ransomware 5H311 1NJ3C706
You Has Been Hacked
+What happened to my file
All your file has been locked. You must pay money to have a key.
If you don;t pay , after 24h your file will be delete.
+How to buy
You must send 300 Bitcoin to my address
+How to have Bitcoin
You can buy Bitcoin on website or other website.
hxxps://coinsutra[.]com/go/Coinbase/
hxxps://coinsutra[.]com/go/Bitstamp/
+Where address to send
To see my wallet address, click Button "Pay Money".
After we receive Bitcoin from you. We will send key to your email.
Time [24h countdown timer]
Created By Hacker Thn
Give for fan
5H311 1NJ3C706