General

  • Target

    3f95f5df74ed79327374523e166fc803b22714f939d333885c68636ca422e935

  • Size

    20.0MB

  • Sample

    220319-kwb14seggm

  • MD5

    e1cb8de1af8868ef1190b01ef6445ac7

  • SHA1

    c9764ccd30a854c554c2c9a7a08c30878e9b8a07

  • SHA256

    3f95f5df74ed79327374523e166fc803b22714f939d333885c68636ca422e935

  • SHA512

    b0f209a504fad071d2e1727d38b28fc1d8a68be5680ee3cb9fa65743d6396a82df4326422867cb91c8a066064c47ffe3730f31025ba3620ba13e9cb47d8565c0

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Ransom Note

    ! You Have Been Hacked !
    Your files have been encrypted by LockRansomware using RSA-2048.
    [.:Nothing personal just business:.]
    No one can help you to restore files without our special decryption tool.
    To get your files back you need to pay :
    option 1 =(BITCOIN)
    1| Buy the equivalent of 50EURO in Bitcoin
    2| Send Bitcoin to the following address : 1JJrohHmuCLXd95STzrxd5szYNA73KmGMd
    option 2 =(PAYSAFECARD)
    1| Buy a paysafecard of 50EURO in a tobacco shop or on the internet> https://www.recharge.fr/paysafecard
    2| Send the card code to the following email address : [email protected]
    After payement, sent the YOUR_ID.txt file on your Desktop who contains necessary data for your file decryption to [email protected]
    The decryption software will be automatically sent to you in response to your email

Wallets

1JJrohHmuCLXd95STzrxd5szYNA73KmGMd

URLs

https://www.recharge.fr/paysafecard

Targets

    • Target

      3f95f5df74ed79327374523e166fc803b22714f939d333885c68636ca422e935


    Score
    10/10
    • DemonWare

      Ransomware first seen in mid-2020.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

MITRE ATT&CK Matrix

Tasks