demonware | ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262 | Triage

Submit
Reports

Overview

overview

Static

static

3

ba389eb9da...62.exe

windows7_x64

7

ba389eb9da...62.exe

windows10-2004_x64

Sharing

General

Target

ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262
Size

12.1MB
Sample

220325-1w1mgachd2
MD5

d73d942548aea3b0eecc66ba8159f96b
SHA1

74b1a9d702724ddc79579673de073aaa36946db4
SHA256

ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262
SHA512

2029353a3c124dbf6629777e36c2f8f8ac6bdbabe11e5343d54ac5ff0b54368277fb8a9c90b51a49461f7bf8e8e2100844559bba522aaf408964b473aa64cfd0

Score

10^/10

demonware pyinstaller ransomware spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262.exe

Resource

win7-20220311-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262.exe

Resource

win10v2004-en-20220113

demonware ransomware spyware stealer

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262
- Size
  
  12.1MB
- MD5
  
  d73d942548aea3b0eecc66ba8159f96b
- SHA1
  
  74b1a9d702724ddc79579673de073aaa36946db4
- SHA256
  
  ba389eb9da179c8723afac65c68c5ae4e0749a25af341d5468b4cdf2a8b7a262
- SHA512
  
  2029353a3c124dbf6629777e36c2f8f8ac6bdbabe11e5343d54ac5ff0b54368277fb8a9c90b51a49461f7bf8e8e2100844559bba522aaf408964b473aa64cfd0
Score

10^/10

demonware ransomware spyware stealer
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

demonwareransomwarespywarestealer

© 2018-2024

Terms | Privacy