Overview

overview

10

Static

static

feb3e6d30b...in.exe

windows7_x64

10

feb3e6d30b...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.bin

  • Size

    1.3MB

  • Sample

    210311-lq2qgx4z9s

  • MD5

    c6eeb14485d93f4e30fb79f3a57518fc

  • SHA1

    b7d99521348d319f57d2b2ba7045295fc99cf6a7

  • SHA256

    feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede

  • SHA512

    1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5

Score
10/10
dearcrypersistenceransomwarespywarestealer

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note
Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! 2133c369fb115ea61eebd7b62768decf
Emails

konedieyp@airmail.cc

uenwonken@memail.com

Targets

    • Target

      feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.bin

    • Size

      1.3MB

    • MD5

      c6eeb14485d93f4e30fb79f3a57518fc

    • SHA1

      b7d99521348d319f57d2b2ba7045295fc99cf6a7

    • SHA256

      feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede

    • SHA512

      1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5

    Score
    10/10
    dearcryransomwarespywarestealerpersistence

    • DearCry

      DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.

      ransomwaredearcry

    • Modifies Installed Components in the registry

      persistence

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

2
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks