demonware

General

Target

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb
Size

12.5MB
Sample

220319-tc5zhsdbgj
MD5

edc704dd390b0997eb400b9b88b59d69
SHA1

2e2859363b9e35f6b315fb1b6f120418b32143a0
SHA256

cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb
SHA512

288ce3b254ed54efca983b64ad7b7260d7d2bc440ad43bbb1e64ad5ef851f16ea8578a40ebbe516bb151e30a6b3d9ba327b22e545cd42738f2c75357ea681208

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

- Target
  
  cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb
- Size
  
  12.5MB
- MD5
  
  edc704dd390b0997eb400b9b88b59d69
- SHA1
  
  2e2859363b9e35f6b315fb1b6f120418b32143a0
- SHA256
  
  cfaa8aa9053eec83c5387ffb374d57b9d3d19b94d3d7d83568fee2f748b50afb
- SHA512
  
  288ce3b254ed54efca983b64ad7b7260d7d2bc440ad43bbb1e64ad5ef851f16ea8578a40ebbe516bb151e30a6b3d9ba327b22e545cd42738f2c75357ea681208
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Modifies extensions of user files

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2