demonware

General

Target

caae4a687cd5d377a4d9429c1a66323a3e06cf556abffb2e4f663e1ea54c4c54
Size

9.7MB
Sample

221130-w36pvadf87
MD5

e038ed6403349984198eaf576099eaa0
SHA1

e5325adc058604bb09aa29904b79918a1f0fee37
SHA256

caae4a687cd5d377a4d9429c1a66323a3e06cf556abffb2e4f663e1ea54c4c54
SHA512

f0f94d65f2cb06778aed46245ba5143ad40fe123916a2146d883fa8f3dfb194a5f37da752b9b5f18f251791fe202ea7bb2061e143f2e4bf8b585c5be4f381e57
SSDEEP

196608:LHZ4TlJPa6z4J5qgD4ImjXEMGBO7oIrkBwcrFSp82giE2tBx1tmu:LHZQluWTKOzrkB3if

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

- Target
  
  caae4a687cd5d377a4d9429c1a66323a3e06cf556abffb2e4f663e1ea54c4c54
- Size
  
  9.7MB
- MD5
  
  e038ed6403349984198eaf576099eaa0
- SHA1
  
  e5325adc058604bb09aa29904b79918a1f0fee37
- SHA256
  
  caae4a687cd5d377a4d9429c1a66323a3e06cf556abffb2e4f663e1ea54c4c54
- SHA512
  
  f0f94d65f2cb06778aed46245ba5143ad40fe123916a2146d883fa8f3dfb194a5f37da752b9b5f18f251791fe202ea7bb2061e143f2e4bf8b585c5be4f381e57
- SSDEEP
  
  196608:LHZ4TlJPa6z4J5qgD4ImjXEMGBO7oIrkBwcrFSp82giE2tBx1tmu:LHZQluWTKOzrkB3if
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2