General
-
Target
2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample
-
Size
1.3MB
-
Sample
210722-n5tqzwrgrs
-
MD5
0e55ead3b8fd305d9a54f78c7b56741a
-
SHA1
f7b084e581a8dcea450c2652f8058d93797413c3
-
SHA256
2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
-
SHA512
5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa
Malware Config
Extracted
C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt
dearcry
konedieyp@airmail.cc
uenwonken@memail.com
Targets
-
-
Target
2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.sample
-
Size
1.3MB
-
MD5
0e55ead3b8fd305d9a54f78c7b56741a
-
SHA1
f7b084e581a8dcea450c2652f8058d93797413c3
-
SHA256
2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
-
SHA512
5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa
Score10/10-
DearCry
DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-