General

  • Target

    DC.exe

  • Size

    1.3MB

  • Sample

    210316-t5pavcde6j

  • MD5

    a7e571312e05d547936aab18f0b30fbf

  • SHA1

    e0d643e759b2adf736b451aff9afa92811ab8a99

  • SHA256

    027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27

  • SHA512

    20e8af2770aa1be935f7d1b74d6db6f9aeb5aebab016ac6c2e58e60b1b5c9029726fda7b75ed003bf4a1a5a480024231c6a90f5a3d812bf2438dc2c540a49f88

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note
Your file has been encrypted! If you want to decrypt, please contact us. [email protected] or [email protected] And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a

Targets

    • Target

      DC.exe

    • Size

      1.3MB

    • MD5

      a7e571312e05d547936aab18f0b30fbf

    • SHA1

      e0d643e759b2adf736b451aff9afa92811ab8a99

    • SHA256

      027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27

    • SHA512

      20e8af2770aa1be935f7d1b74d6db6f9aeb5aebab016ac6c2e58e60b1b5c9029726fda7b75ed003bf4a1a5a480024231c6a90f5a3d812bf2438dc2c540a49f88

    • DearCry

      DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks