dusk | 8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e

Analysis

max time kernel
22s
max time network
14s
platform
windows7_x64
resource
win7v200722
submitted
28-09-2020 10:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
Size

18KB
MD5

849ffabdc4a5e8da2ca654f614b01c56
SHA1

791730d1deeb38d4fc93529c7ad9da06d060edd8
SHA256

8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e
SHA512

2df86fb79f463252c794fa757a7a95d2c25ee5911c018e9ce50545669e93361e7216edabaa0880419a851405b4dab3fafab0d72f0196ae3f98ec26c9676fd85e

Score

10^/10

ransomware dusk

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\!#!READ-ME!#!.txt

Family

dusk

Ransom Note

------------------------------ ____ __ _______ __ __ / __ \/ / / / ___// //_/ / / / / / / /\__ \/ ,< / /_/ / /_/ /___/ / /| | /_____/\____//____/_/ |_| ------------------------------ Dusk v1.0 YOUR FILES ARE ENCRYPTED! ------------------------------ If you want to recover them follow these steps: 1. Send $50 to this address: BTC: 1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo 2. Send email to: cyber.duskfly@protonmail.com 3. Enjoy! ------------------------------ Do not waste your time trying recover your files using third party services! Only we can do that

Emails

cyber.duskfly@protonmail.com

Wallets

1EiGoumJiBNJszEzTzasmQhCVaEYDDEbuo

Signatures

Dusk Ransomware
Family first seen in September 2020.
ransomware dusk

Modifies extensions of user files 2 IoCs

Ransomware generally changes the extension on encrypted files.

ransomware

Processes:

8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe

description	ioc	process
File renamed	C:\Users\Admin\Pictures\ConvertFromFind.png => C:\Users\Admin\Pictures\ConvertFromFind.png.Dusk	8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
File renamed	C:\Users\Admin\Pictures\ImportCompress.png => C:\Users\Admin\Pictures\ImportCompress.png.Dusk	8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe

C:\Users\Admin\AppData\Local\Temp\8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe
"C:\Users\Admin\AppData\Local\Temp\8181c98ed221d00c89712ea50d37179dc633b9e04bfc2aca1b7df26fd3db1f4e.bin.exe"
1⤵
- Modifies extensions of user files
PID:1604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1604-0-0x000007FEF6360000-0x000007FEF6D4C000-memory.dmp

Filesize
9.9MB

Download
memory/1604-1-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download