dearcry

General

Target

feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample
Size

1.3MB
Sample

210726-7gswb4lxj6
MD5

c6eeb14485d93f4e30fb79f3a57518fc
SHA1

b7d99521348d319f57d2b2ba7045295fc99cf6a7
SHA256

feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede
SHA512

1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5

Score

10^/10

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! 2133c369fb115ea61eebd7b62768decf

Emails

konedieyp@airmail.cc

uenwonken@memail.com

Targets

- Target
  
  feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample
- Size
  
  1.3MB
- MD5
  
  c6eeb14485d93f4e30fb79f3a57518fc
- SHA1
  
  b7d99521348d319f57d2b2ba7045295fc99cf6a7
- SHA256
  
  feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede
- SHA512
  
  1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5
Score

10^/10

dearcry ransomware spyware stealer persistence
- DearCry
  DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
  ransomware dearcry
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2