General

  • Target

    2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff.exe

  • Size

    1.3MB

  • Sample

    230325-mbebvaed4x

  • MD5

    0e55ead3b8fd305d9a54f78c7b56741a

  • SHA1

    f7b084e581a8dcea450c2652f8058d93797413c3

  • SHA256

    2b9838da7edb0decd32b086e47a31e8f5733b5981ad8247a2f9508e232589bff

  • SHA512

    5c3d58d1001dce6f2d23f33861e9c7fef766b7fe0a86972e9f1eeb70bfad970b02561da6b6d193cf24bc3c1aaf2a42a950fa6e5dff36386653b8aa725c9abaaa

  • SSDEEP

    24576:LU5NX2yJOiUXmEICxu2WAP0NIzkQM+KpPRQ9StIUDpl1fpxkHVZgMCS+:L7XP7P9o5QzUtl1fpxkHVZgMC3

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\DesktopSharingHub\readme.txt

Family

dearcry

Ransom Note

Your file has been encrypted! If you want to decrypt, please contact us. [email protected] or [email protected] And please send me the following hash! 638428e5021d4ae247b21acf9c0bf6f6

Targets

    • DearCry

      DearCry is a ransomware family first seen in the wake of the 2021 Microsoft Exchange Server compromises.

    • Modifies Installed Components in the registry

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v6

Tasks