General

  • Target

    6744194780266496.zip

  • Size

    12.5MB

  • Sample

    210324-5s8f52ffka

  • MD5

    a23aad6240c35a21aec86673603dfa9d

  • SHA1

    70db75b2f2a4c1de4717fce889db2e6e8c026a75

  • SHA256

    f69575c8a47f7829d9ed3c9caf424e4c0f5e46d521a35a3bb17f16c5acf38c9e

  • SHA512

    9a9efd1504882b943fe0bfa78145c53f6acee189a77ac41b462118bcadc7617112d8bd0adb12be9a625291059ae24c07e982e1a97eeef3a8b1c3f8d8b0615059

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Ransom Note
Seems like you got hit by Skullware! Don't Panic, you can have your files back! SkullWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key In order to decrypt you're files you will need to pay 0.002 bitcoin to this address bc1qpf5884eeausmv8rtf93kplu573t477tquskeuz you will also have to email [email protected] in with a photo of you're transaction please note you can buy bitcoin on coinbase.com Kind regards, Crypt
Wallets

bc1qpf5884eeausmv8rtf93kplu573t477tquskeuz

Targets

    • Target

      1dbbd2ae295dae3cfff1769cc919aacb3b0c9d0ecf550f37f3901e2244a165cf

    • Size

      12.8MB

    • MD5

      d57b26a5738e3116c39122c091374c4a

    • SHA1

      cc25f6a5d73ca7385a2b5beb697d51a6706d73e9

    • SHA256

      1dbbd2ae295dae3cfff1769cc919aacb3b0c9d0ecf550f37f3901e2244a165cf

    • SHA512

      92a50b8205580295274c688ace588b2a2448396ee0b7ec874c95a938a7cbb525e6cea33871c88037d2b67d4ad60e4f76566fa599d82c50faa043d1dbe029aa2f

    Score
    10/10
    • DemonWare

      Ransomware first seen in mid-2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL
