General

  • Target

    feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample

  • Size

    1.3MB

  • Sample

    210726-7gswb4lxj6

  • MD5

    c6eeb14485d93f4e30fb79f3a57518fc

  • SHA1

    b7d99521348d319f57d2b2ba7045295fc99cf6a7

  • SHA256

    feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede

  • SHA512

    1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! 2133c369fb115ea61eebd7b62768decf

Emails

konedieyp@airmail.cc

uenwonken@memail.com

Targets

    • Target

      feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede.sample

    • Size

      1.3MB

    • MD5

      c6eeb14485d93f4e30fb79f3a57518fc

    • SHA1

      b7d99521348d319f57d2b2ba7045295fc99cf6a7

    • SHA256

      feb3e6d30ba573ba23f3bd1291ca173b7879706d1fe039c34d53a4fdcdf33ede

    • SHA512

      1cf95db6bb1b4b047ae91711c5f14c618c19ddee2465df44905e082a59c53d3aeee0e69e9aaf562ba117015e2e84ccfaed6b94d863dc6c153ba4ac8a17264ee5

    • DearCry

      DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
