demonware

General

Target

ceffb62017165e45477c873110790499
Size

23.5MB
Sample

240316-zay13sbe81
MD5

ceffb62017165e45477c873110790499
SHA1

0a402c062cde3bf8c6dbbec7580d64f245f0e746
SHA256

296c5be842fce9077234a6eb162214fbe9caf10ccd6b66be4b7e25803813c33b
SHA512

e591c8296dd5b69bae29845178c948e98268c574c70588c307562bbde7f62ad12af443a106ff832e1bb27712f1c56063a3877eb930757810e81c66894fb6fc50
SSDEEP

393216:nlCFPLCEDo2WtYjUaNRDHvcrwhvr+bUn2KekLTP/WViHjL2ciIrHWTtN3ZWyETkf:neCEDVfjrRj0r6+bUno0j4ILgtN35l3v

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

- Target
  
  ceffb62017165e45477c873110790499
- Size
  
  23.5MB
- MD5
  
  ceffb62017165e45477c873110790499
- SHA1
  
  0a402c062cde3bf8c6dbbec7580d64f245f0e746
- SHA256
  
  296c5be842fce9077234a6eb162214fbe9caf10ccd6b66be4b7e25803813c33b
- SHA512
  
  e591c8296dd5b69bae29845178c948e98268c574c70588c307562bbde7f62ad12af443a106ff832e1bb27712f1c56063a3877eb930757810e81c66894fb6fc50
- SSDEEP
  
  393216:nlCFPLCEDo2WtYjUaNRDHvcrwhvr+bUn2KekLTP/WViHjL2ciIrHWTtN3ZWyETkf:neCEDVfjrRj0r6+bUno0j4ILgtN35l3v
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2