Total Victims: 0
First Seen: 2019-11-01
Last Seen: 2020-12-12
Known TTPs: 18
Avg Delay: 38.2d
Negotiations: 0
ONION URLS
mbpvwpf2qw3zxjbkefhm4c2hvn5wvuxu2wsssyv3sa3zamjolupncguo.onion
TOOLS
ConnectWise, SharpHound, TeamViewer, BazarLoader
FILE EXTENSIONS
.locked
CHARTS (not reproduced here): Activity Timeline, Top Sectors, Top Countries, Activity Heatmap
Date | Victim Name | Country | Sector | Status
No victims recorded
Technique ID | Technique Name | Tactic
T1071.001 | Web Protocols | Command and Control
T1105 | Ingress Tool Transfer | Command and Control
T1003.001 | LSASS Memory | Credential Access
T1003.003 | NTDS | Credential Access
T1110.001 | Password Guessing | Credential Access
T1027 | Obfuscated Files or Information | Defense Evasion
T1036.005 | Match Legitimate Name or Location | Defense Evasion
T1016 | System Network Configuration Discovery | Discovery
T1049 | System Network Connections Discovery | Discovery
T1135 | Network Share Discovery | Discovery
T1041 | Exfiltration Over C2 Channel | Exfiltration
T1485 | Data Destruction | Impact
T1486 | Data Encrypted for Impact | Impact
T1078 | Valid Accounts | Initial Access
T1189 | Drive-by Compromise | Initial Access
T1566.001 | Spearphishing Attachment | Initial Access
T1547.001 | Registry Run Keys | Persistence
T1068 | Exploitation for Privilege Escalation | Privilege Escalation

No YARA rules

Type | Value | Description
md5 | 28cb8da408cfad7f8bdd52b9c1e87d6f | Associated with ElectraHack ransomware
sha256 | c3bda6d5b4f64c983f18b5604743b262c4a64f846da9a82efa1d88ede42503c6 | Associated with ElectraHack ransomware
tox | BF6D4D7AF9E0BEAE84C2E5F5D14BBBBC72CFC3CB3D002CD91C8E7A8B43A46EC0E81D3F4A4ACA | Infrastructure linked to ElectraHack
sha1 | a30b31ed91fe5d4f087f07c070027df8411a7509 | Dropper hash observed in ElectraHack attacks
tox | B36F3C4DE4FAE3C3BAC1FC225B75D88B3BB3E274EBCB9D5A1CBCBAEC0D9DD12E4544B5304760 | Tox messenger ID observed in ElectraHack attacks
btc | bc1qdyy05mofm6wuipdu1lg86fcio03a4qwxgufba9 | Bitcoin ransom address observed in ElectraHack attacks
md5 | 7ce144652a909dd530855d21eb3e1950 | Associated with ElectraHack ransomware

No ransom notes