dearcry

General

Target

0e55ead3b8fd305d9a54f78c7b56741a.7z
Size

613KB
Sample

220119-xfwf2acdg2
MD5

de849950d1f30e4fd3197a871a2f33dd
SHA1

d19e262addf25e440ffb5ea2ea88f44bee546209
SHA256

d3722c88f41e2a0a88ee0a6e696df83524662ea0ff5d30f441e05cdc4dbcf9cf
SHA512

5786d043caf83c9bceb43aa850dd321adb5493f7aa17b0afaf4d4c1a428457c38226d740fcc930acaf886442139503542452af9320216f4b7fd659ba7e7c6d8b

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Public\Desktop\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. [email protected] or [email protected] And please send me the following hash! 638428e5021d4ae247b21acf9c0bf6f6

Emails

[email protected]

Targets

- Target
  
  0e55ead3b8fd305d9a54f78c7b56741a
- Size
  
  1.3MB
- MD5
  
  0e55ead3b8fd305d9a54f78c7b56741a
- SHA1
  
  f7b084e581a8dcea450c2652f8058d93797413c3
- SHA256
  
  2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff
- SHA512
  
  5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa
Score

10^/10

dearcry persistence ransomware spyware stealer
- DearCry
  DearCry is a ransomware first seen after the 2021 Microsoft Exchange hacks.
  ransomware dearcry
- Suspicious use of NtCreateProcessExOtherParentProcess
- Modifies Installed Components in the registry
  persistence
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2