dearcry

General

Target

027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27.sample
Size

1.3MB
Sample

210726-p7vxdh7mcx
MD5

a7e571312e05d547936aab18f0b30fbf
SHA1

e0d643e759b2adf736b451aff9afa92811ab8a99
SHA256

027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27
SHA512

20e8af2770aa1be935f7d1b74d6db6f9aeb5aebab016ac6c2e58e60b1b5c9029726fda7b75ed003bf4a1a5a480024231c6a90f5a3d812bf2438dc2c540a49f88

Score

10^/10

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. [email protected] or [email protected] And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a

Emails

[email protected]

Targets

- Target
  
  027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27.sample
- Size
  
  1.3MB
- MD5
  
  a7e571312e05d547936aab18f0b30fbf
- SHA1
  
  e0d643e759b2adf736b451aff9afa92811ab8a99
- SHA256
  
  027119161d11ba87acc908a1d284b93a6bcafccc012e52ce390ecb9cd745bf27
- SHA512
  
  20e8af2770aa1be935f7d1b74d6db6f9aeb5aebab016ac6c2e58e60b1b5c9029726fda7b75ed003bf4a1a5a480024231c6a90f5a3d812bf2438dc2c540a49f88
Score

10^/10

dearcry ransomware spyware stealer persistence
- DearCry
  DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
  ransomware dearcry
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2