General

  • Target

    pycryptopayload.exe

  • Size

    23.9MB

  • Sample

    231014-cjxs2sch46

  • MD5

    ec74dbce58746b38fd7b4c893e6a0055

  • SHA1

    52f9654a1c15d8bf22a45db456792fc9ee3f1195

  • SHA256

    e3e691a9c78c57df9fd04725cc230502f0c1c9c60f8cdfad677c65458409a7f2

  • SHA512

    5ecb1ba09f838838dbfceed00a9324b8f85d0f4dc9e8c51e3a77ae55031417ad453c5462c3947990801583aab4e018d8ad56b8cee4a4651e131a6945d058dde6

  • SSDEEP

    393216:V+vUWv/HL2Vmo2WtYjUaNRDHvcrwhvr+bUn2KekLTH6mp/WViHW0Gzajaq3+d9Xn:V4UYyVmVfjrRj0r6+bUno0fcElOd9Xg2

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key. C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

    • Target

      pycryptopayload.exe

    • Size

      23.9MB

    • MD5

      ec74dbce58746b38fd7b4c893e6a0055

    • SHA1

      52f9654a1c15d8bf22a45db456792fc9ee3f1195

    • SHA256

      e3e691a9c78c57df9fd04725cc230502f0c1c9c60f8cdfad677c65458409a7f2

    • SHA512

      5ecb1ba09f838838dbfceed00a9324b8f85d0f4dc9e8c51e3a77ae55031417ad453c5462c3947990801583aab4e018d8ad56b8cee4a4651e131a6945d058dde6

    • SSDEEP

      393216:V+vUWv/HL2Vmo2WtYjUaNRDHvcrwhvr+bUn2KekLTH6mp/WViHW0Gzajaq3+d9Xn:V4UYyVmVfjrRj0r6+bUno0fcElOd9Xg2

    Score
    10/10

MITRE ATT&CK Matrix

Tasks