dearcry

General

Target

e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6.sample
Size

1.3MB
Sample

210726-s6g1e3f5es
MD5

cdda3913408c4c46a6c575421485fa5b
SHA1

56eec7392297e7301159094d7e461a696fe5b90f
SHA256

e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6
SHA512

666b7419adaa2fba34e53416fc29cac92bbbe36d9fae57bae00001d644f35484df9b1e44a516866b000b8ab04cd2241414fe0692e1a5b6f36d540ed13a45448a

Score

10^/10

Malware Config

Extracted

Path

C:\PROGRAM FILES\WINDOWS SIDEBAR\GADGETS\SLIDESHOW.GADGET\IMAGES\ON_DESKTOP\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. konedieyp@airmail.cc or uenwonken@memail.com And please send me the following hash! d37fc1eabc6783a418d23a8d2ba5db5a

Emails

konedieyp@airmail.cc

uenwonken@memail.com

Targets

- Target
  
  e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6.sample
- Size
  
  1.3MB
- MD5
  
  cdda3913408c4c46a6c575421485fa5b
- SHA1
  
  56eec7392297e7301159094d7e461a696fe5b90f
- SHA256
  
  e044d9f2d0f1260c3f4a543a1e67f33fcac265be114a1b135fd575b860d2b8c6
- SHA512
  
  666b7419adaa2fba34e53416fc29cac92bbbe36d9fae57bae00001d644f35484df9b1e44a516866b000b8ab04cd2241414fe0692e1a5b6f36d540ed13a45448a
Score

10^/10

dearcry ransomware spyware stealer persistence
- DearCry
  DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
  ransomware dearcry
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2