demonware

General

Target

98c14f48c1ae5cbbf6ff5403336e07c3_JaffaCakes118
Size

9.8MB
Sample

240605-vy2dwsch5x
MD5

98c14f48c1ae5cbbf6ff5403336e07c3
SHA1

d4b101f66a40114d3d1075d7c3a59cbbd47c707d
SHA256

8dc94d486fd546ffbf8f21252aba65efe18432a6cae815e02b8be4ce4449291a
SHA512

e9e88e5843fea3f0fcb2e446674b3414e2e2a6be478fb9325a2d623b50f9de009cbc0a768a2572b51de637bedf1f83f3dccf5996b1396f8a736215bfccbb310e
SSDEEP

196608:AWJmVsyb49U8ILoP1HqsimvlG2etbYPvbJQlHJCsdg8C6fvwJP4U:dJmVsU4iEP1RimtokJQlp7tw+

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https:xyz.io and search for your IP/hostname to get your key. Kind regards, arman

Targets

- Target
  
  98c14f48c1ae5cbbf6ff5403336e07c3_JaffaCakes118
- Size
  
  9.8MB
- MD5
  
  98c14f48c1ae5cbbf6ff5403336e07c3
- SHA1
  
  d4b101f66a40114d3d1075d7c3a59cbbd47c707d
- SHA256
  
  8dc94d486fd546ffbf8f21252aba65efe18432a6cae815e02b8be4ce4449291a
- SHA512
  
  e9e88e5843fea3f0fcb2e446674b3414e2e2a6be478fb9325a2d623b50f9de009cbc0a768a2572b51de637bedf1f83f3dccf5996b1396f8a736215bfccbb310e
- SSDEEP
  
  196608:AWJmVsyb49U8ILoP1HqsimvlG2etbYPvbJQlHJCsdg8C6fvwJP4U:dJmVsU4iEP1RimtokJQlp7tw+
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2