dearcry

General

Target

fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65
Size

1.3MB
Sample

210312-w5dgsx9llj
MD5

6be28a4523984698e7154671f73361bf
SHA1

b974375ef0f6dcb6ce30558df2ed8570bf1ad642
SHA256

fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65
SHA512

c3a44431e8cbb76d75ea2a1caca6fe77dfbd2a9565da918620433d415d396c08394ecb1c6454fc69661d61683711e53b60a69435e25518a04e81c20136f62f20

Score

10^/10

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. [email protected] or [email protected] And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a

Emails

[email protected]

Targets

- Target
  
  fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65
- Size
  
  1.3MB
- MD5
  
  6be28a4523984698e7154671f73361bf
- SHA1
  
  b974375ef0f6dcb6ce30558df2ed8570bf1ad642
- SHA256
  
  fdec933ca1dd1387d970eeea32ce5d1f87940dfb6a403ab5fc149813726cbd65
- SHA512
  
  c3a44431e8cbb76d75ea2a1caca6fe77dfbd2a9565da918620433d415d396c08394ecb1c6454fc69661d61683711e53b60a69435e25518a04e81c20136f62f20
Score

10^/10

dearcry ransomware spyware stealer persistence
- DearCry
  DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
  ransomware dearcry
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2