Resubmissions

20-03-2024 09:05

240320-k2b83aea3y 10

19-03-2024 09:41

240319-lnrl9sge29 10

16-03-2024 19:26

240316-x5j5asac31 10

General

  • Target

    cede0a34e9d113730c70ff5bf98a26ba

  • Size

    23.5MB

  • Sample

    240319-lnrl9sge29

  • MD5

    cede0a34e9d113730c70ff5bf98a26ba

  • SHA1

    6afb850b76ca0bff6ed1aaadd4b5232351807611

  • SHA256

    01846406554cd4b29e1d9bd0f35396fcb437b8f264edf4f86431bda7a530edbb

  • SHA512

    6da7515ba7b9bf1678e52d3fa1437a375b627376a84635a8b0c494daab5b2de49baba1b50ddb72eed8b33600a14259eceaf3aa13ec7f268751fd9cdcc2d65c24

  • SSDEEP

    393216:FlCFPLCEDo2WtYjUaNRDHvcrwhvr+bUn2KekLTP/WViHjL2ciIrHWTtN3ZWykTHS:FeCEDVfjrRj0r6+bUno0j4ILgtN35SD6

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

    Score
    10/10
