dcrat

Resubmissions

12-06-2024 08:28

240612-kcy2jawckj 10

10-06-2024 17:27

240610-v1ktxsvbpk 10

Sharing

Copy URL

Twitter E-mail

General

Target

Mydooms.zip
Size

7.3MB
Sample

240610-v1ktxsvbpk
MD5

d9bbe9314e8114fa2cc00422b09fdd9d
SHA1

a138d7a8c054d8dd9904f6fb378d51af02385a52
SHA256

dbcc1bec2dbc4002cfdade40966eb639ccf4da67a7b9728f444beb1d35ed4f7f
SHA512

79c96afd2bedb2ed22027cd135678db411fedeba92e481d2e410eb516cb26d8c8aebf3d63ed8941a91f70dee75a5fa2dfdff8c2bec07c205ac33710f2dff635f
SSDEEP

196608:RyiXnVyuWadlIK+eU3hW0y9PnO+K8Lsi2L:AiXnVyuWaP6eahWPNPt2L

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\RESTORE_FILES_INFO.txt

Ransom Note

All your files have been encrypted due to a security problem with your PC. If you want to restore them, write us to the e-mail [email protected] or: [email protected] (Backup mail) Send us this file RESTORE_FILES_INFO ================================================================================================================= Free decryption as a guarantee Before paying, you can send 1-2 files for free decryption. File format: txt doc pdf jpeg jpg gif png bmp Total file size should not exceed 2 MB (without archive) ====================================================== You can buy Bitcoins here: https://localbitcoins.com Or use the search how to buy Bitcoins in your country ================================================================================================================= IMPORTANT!!! Remember that your files are encrypted and only WE can recover them! Do not try to recover yourself, as well as on third-party resources, you will lose your files and money forever! ================================================================================================================= Key Identifier: my3sl9Yq1PK+YbpDrFH8dPMJiCTTIkoWj/yeg716ne9MGia5ULFpc1Mgi7UiDTNp+7VO9+bbcF20nkvmv4LXT82iki6X0cXcUljnVrLG3vrYOQU3Pdkxa2glJfh/wYlgW8zetKm8uyH+XkP2NfkCwdcmPcEXivuNCZ8NspdXPYYy6S9bZnmIYedqOW84j7MIPJJk/Tinm31hZCDMyLRlo46ya6LBvofFnhxoT+/zf3RYEV66ZJ5g+VCGpuxKtwdjwndHqtrSCT3G4vpsCKpoZnrLyl6TvDQFUfmIX2himhp269YuId2sr/nd6O6sqdxTyoX5GJa0ymznfE1wD2HjNLM5NlnzAGJC93rx5Jyf4sRwADl08PK2w1TYG0VL2zZ//zX8OShiL0lwD4nWSyD4cjaENLubeHu+eZlcI45FPARHfKzId3vuJm/uS01nK45yJ1br7TEFqgni3pFzdJVp2w15SMV2T7wbTgBXC95vMdnWKu0M6J7UbILMDl2X7KAhuyi+wtIQmROyFM2Sj6Nqy6uuFAt++6kqHmEhYjzcYY1oXPSB7JP6sD0PK/KZPfP/fI2Ly8RFyCTerzRSrwji/E61a7Dy248gYYWkMcd9U8UI9+jRTm+ySlp/a3ntEl2dQK1wLmB49aeBn+gXsf/b7DcwSzORCjOahyfssYHIJdo= Number of files that were processed is: 1095 PC Hardware ID: 3EBBE295

Emails

[email protected]

Extracted

Path

C:\ProgramData\Adobe\# SATAN CRYPTOR #.hta

Ransom Note

<html> <head> <title>SATAN CRYPTOR</title> <HTA:APPLICATION ID="" APPLICATIONNAME="" BORDER="DIALOG" MAXIMIZEBUTTON="NO" SCROLLFLAT="YES" CAPTION="YES" SELECTION="NO" INNERBORDER="NO" ICON="" SCROLL="NO" SHOWINTASKBAR="YES" SINGLEINSTANCE="YES" SYSMENU="YES" WINDOWSTATE="NORMAL" /> </head> <script language=javascript> var winWidth = 800; var winHeight = 600; window.resizeTo(winWidth, winHeight); window.moveTo(screen.width/2-winWidth/2, screen.height/2-winHeight/2); </script> <body bgcolor=buttonface text=buttontext style="font: 10pt 'Tahoma'"> <div style="font-weight:bold; font:16pt; text-align: center" id="Tittle">Attention!</div> <br> <div style="padding:15px" id="SubTittle"> Your documents, photos, databases and other important files have been encrypted cryptographically strong, without the cipher key recovery is impossible! <br> <br> To decrypt your files you need to buy the special software - <strong>SATAN DECRYPTOR</strong> and your <strong>Private Decryption Key</strong>. <br> <br> Using another tools could corrupt your files, in case of using third party software we dont give guarantees that full recovery is possible so use it on your own risk. <br> <br> If you want to restore files, write us to the our e-mail: <strong>[email protected]</strong> <br> <br> Please write your <strong>Personal Identification Code</strong> in body of your message. <br> <br> Also attach to email 3 encrypted files for free decryption test. (each file have to be less than 1 MB size and not have valuable content) <br> <br> It is in your interest to respond as soon as possible to ensure the restoration of your files! <br> <br> Your <strong>Personal Identification Code</strong>: </div> <center> <textarea style="overflow:auto; font:10pt 'Tahoma'" name="TextArea" rows=10 cols=120 readonly>5354000000019B0400008FB90AAD48D581AE7DB065C5C2F99FD1E256CD68DA6E587A080F8EE44F200FD91309F52F717C272ED5AD8A9AD27911DF722D8A0927B89083D0B878091E7F6D0D99E966940B1CCBACE3C42D74DDF4CB2422FBBB67EC1782A01F0D8F129E8AB3EE32B9C4B4ED28B7D622316CA68539F07BF90BF61BCFACB72809D76E9B83C4E6336E3AF99A36FDFE59A6C19A4A6E7C2DD9DC766E32CA07E4FEE706851C10222D1BEBB6E9F42E85445A680C990586B7597C6D68FF0B4A2F3B96687829A21BBF3FDA6273F6C739961EE8C939AB59AE14CDFCA3C60F0129040764641D0D3EFFFBAD9BA9494608F1EF73201FF530FF83B41A283E522BE484177FC0E5807B8D845A628DD2E72005267232E55F514932F1A5D372E94DC603542FC81E47BAFE27CA30893F4CB4E1AE252C16E88AED5B764B924DCA3F2C6D3019BF8F492EB98F58F1595AB82AD9EF9DC571FA52A3B6F00FE36632E65761AA4914718336EC54C18F9A9B4752F9FD44AE589A31D53B88C6E8327126C48082652A06A360D124C9265D4939EB43D0CAA331889DEE5F99111616AE09F08CDD71865AAC30738113A66BA4175E579D7C90A7F9BFDA908D7C51B99CC1916C3AA5C154A962F7ECFA72DEB2B55974F76021AE9ECA5B75688C7FF8897380D777C237D28C85BBDAB572B309782C4E7065E4628CA6631ECD52DF4E15B8A230050D139839078CD8CB0399208D7F1CB68F9EFB5D6ED4B7672F010C95B4FB823C4A3BEA779B9EDFAB31B1470E10D2BCF71E9F94BA9378152B472BC5989F81A33ED2171FB22550EC07F0AD3DED7AF7A6BA2AAE34801671DF25EFCA2A30053084FC2335831CF0ADE70E58E3AF08B8F021965F8A08498A3C91A6B0D30AA394E670A4630475C6095469B54D90883A7C76B23BA5773AC47A0706662DBB44181FA13D2B466B8340589C54ED88E3BA5B63C94DDF95385F778C9264F620EF7B90F33CDAB0DCAB66E8F2380C114BF70EC13CD3C4B8702BE153096C6B019B17B454EFF49261ADC74847C33901BD709D95E7B7B4C95E65437A52F0E19F25C892B3CE59CC659C5B3B85A9A5CF3ACDF7EFFF89D0040B90F8FD04855B415D7AE7D5186130DCBB95B0C897CB4E10D461C5F833867D0D60FC0EBD54AE1FC9293F9FF21B288F0C26488889F4E998C69124037A3CEA3A57F650A57C1DA3455BF1CE13C5CDC3E1C0ABD8C414114F314029B46B0C3EAE2A0E43A451BFB76176C6163D3443E0D9A638AD435085466AE7D94E58918DCBBDD1AE470B138A7EB1336A177DF3D7D7C350E9E1D1ECD67FBBEEB4B7379B183D5E8510DD6B04A99BE8616E53E118C0E300C9B9A80A4A4B48942DEA83ADBCE9EE0AE1EC77E117122CB9BFFEADEFC0D1A110A03C0C7B2F654295BE68FD7011E81D614FA74E8D1EC286BB3F7DC3E3105762F57CFAB7805203E5354875E360175D516E96FDF8424FC691D19371682298DAB1028814ACAB4F9B22D1E120A05FEF26F04926F50A5A85B1307AC8D1AE8915239B553F1CF2FD03289CD3CF1A74C518A9D1B189D9256109F94C659B67C0CF479FC8F9B20015E93400D14CD4DB78254BA2159EAA31A50622395453EC40EB6AD1F736F44220A8F74D6534BE3DABC533C85A4492D1C3BF17ACC3A5E9039E86839FD56D81765730CC65F6DC17EE95EC0A889E4A2B0DAA2167E1F39A8B1717AD040000</textarea> </center> </body>

Emails

<strong>[email protected]</strong>

Extracted

Family

zebrocy

Windows XP Professional x64 Edition

Targets

- Target
  
  Mydoom/00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7.exe
- Size
  
  879KB
- MD5
  
  af466faccd8bbab030d12caf7b16ea61
- SHA1
  
  e18711fe226d39fe182c45ea1a15ccc587980b67
- SHA256
  
  00b9b6cf27deeda8de99d1719ef724808afa92080026df8dd17159be8ea420f7
- SHA512
  
  2599b3b6db13c14e36bc24980da5457c8788624050ad727d2b1d8975b6405e1a6dfee9829a849900edcc7cc831b69604cce9e6e7e0080835e426df343a1d6e64
- SSDEEP
  
  12288:D+of7uHr7XLo+U90C447TmTWCsNWGHBm++WDzLGfWCayErUUxmptN:Dr7uH3vu0B4OWZxPDnG5ErUn
Score

1^/10
behavioral1
- Target
  
  Mydoom/05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81.exe
- Size
  
  15KB
- MD5
  
  32915fef0066f3a580ae9389d83e195f
- SHA1
  
  e000d59d91a6039c28a628ec436f680f41e8ffec
- SHA256
  
  05500734fe07ac2b5bc89aa12b090203c4b74851cb0d62bd388f27ec6d6caa81
- SHA512
  
  57d43daac4bc5d550bed9724dc8c2041111dba3f3a52fca7b688e3d6b64267c34c537b8045d974e007412f504aeb3428f571c360b053faff7c040c4bc235cbd8
- SSDEEP
  
  192:F7r4fe9FV9wQw0XJ58CWuVmcmLQ4k8Md0QiyIWNMrXRkf1ZdDjgXFk3AaDvFmv:FAfe7wQw+4Cc84ZM6eIkf1Z1jgXKHC
Score

1^/10
behavioral2
- Target
  
  Mydoom/0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5.exe
- Size
  
  355KB
- MD5
  
  ff4c98aae03f63b8256dd765e99f5934
- SHA1
  
  db774f2c4a2ed02f42effd6016e6ee7b8ae5cfde
- SHA256
  
  0b75e2fadffc45dff940e58f5b6f8d99832426bb880f432f98d853308b29c9c5
- SHA512
  
  eea1f000945adf51217d3b3e6faaa947c683de5c278ce0c7870360d959d65347804b563853d32ce2d49bd6fb0567c9d0d065ee561bb4b16d66af1bbd98197c1d
- SSDEEP
  
  6144:wlZzOaQGDj25OFco79+ITkBXkHQYfrF1aK0FAbw1lZzOR0x0k5kPFOM+11c5K9b:YZTP2kioZD1rUxPZA0x/ksB9b
Score

8^/10

persistence upx
- Drops file in Drivers directory
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral3
- Target
  
  Mydoom/0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464.exe
- Size
  
  9.4MB
- MD5
  
  813b749967045532f86e6442447bcd8b
- SHA1
  
  8d0615e7f7ba672a3fc94c05a9451f9d08797af7
- SHA256
  
  0d5fa75218e5eb97fccbcf36d3bbd9cd77247260977f69c50deb29399ee0e464
- SHA512
  
  47c16f403ab33ebb9e59c7c3a053dc29d0d654174d2be9153966ad9fc873e641f34ab44c7e38fb4c6fd376b384d4e1da0dacafb384e9abb1c7eb92cb32533877
- SSDEEP
  
  24576:GYx7SFGwWG8/Ad5kybgeK8uQY2ZqR7NlaDbTxnVhv2MMLdGIhJ:IFFbK8q2ZhDbTNv2MuV
Score

10^/10

dcrat infostealer rat
- DcRat
  DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
  rat infostealer dcrat
- DCRat payload
  Detects payload of DCRat, commonly dropped by NSIS installers.
  rat
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral4
- Target
  
  Mydoom/1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c.exe
- Size
  
  28KB
- MD5
  
  e26570922a9373c1f3a06f647ddd10a4
- SHA1
  
  e0f6853e39e0b9fbcb3062bb7e15b8734b9df9f3
- SHA256
  
  1760c5727e5568d3b18a1cbf0d50c311613699af8233c96fb3eee197f438ce9c
- SHA512
  
  e17a8c1ca8aa6c65106831086f203736b7bdd92c54d2487f381f7d7303a5f3852859935ef55a913dd8856c6015a5f9414308430ae1ff4b5690743025f8ff4c70
- SSDEEP
  
  384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNQ05:Dv8IRRdsxq1DjJcqf8
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral5
- Target
  
  Mydoom/1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81.exe
- Size
  
  21KB
- MD5
  
  26b8bc40d95b979e1e708a9f843242ad
- SHA1
  
  229284e8cb74bbfae647eb160e4188bda3e50721
- SHA256
  
  1fe99fb7c527a90826896e695f23e712375358df3c7aa9163af6b96d872a9f81
- SHA512
  
  e53fb1b351f47227c1568718c99cc78048507518ac823cebccddebdc630845f9c972a746036f67d416275bdb1667d298ddd6a0fd4e0fea4dc096d7c2cfcf0625
- SSDEEP
  
  384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzU4ek+:SCIqdH/k1ZVcT194jp44eD
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral6
- Target
  
  Mydoom/23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98.exe
- Size
  
  21KB
- MD5
  
  3f122d9a0b7a9f1aa8c973d170ee8d55
- SHA1
  
  3fb032e1a7a3a9cc5ce0d5f03fbb7f74a063ce39
- SHA256
  
  23361735678f37d77510b22306c727a987f84c87143bb0062f3d76413c36fc98
- SHA512
  
  25b3db24d20482476e07e29bcee1e231e106d1ec8e36bc390960085595816268ced9c6d392ee21e48c0643801e14c4bb88e1d006fc35467a1abf7b66a423fad4
- SSDEEP
  
  384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUEBI:SCIqdH/k1ZVcT194jp4ES
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral7
- Target
  
  Mydoom/2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03.exe
- Size
  
  49KB
- MD5
  
  d4aae2114968c886660e4cbf1c694160
- SHA1
  
  c5b6d1ccc5f238686f3be7bfff44c9b612d74efb
- SHA256
  
  2522b83852588bc0f7f620f9b4fe3a9337b9608be335d3958d190275f333df03
- SHA512
  
  69d0c95abcb789b5e638e826c0b827634fb076248c659b1d2d62741383a62510d6ad6b1e6c16ea1a2ab7f2ac271ba56958e0f070def4a33c6bcaacba848c8395
- SSDEEP
  
  768:nqQ07c92/EyTAYtxqfGNC0klI7C8ycYlI5P194jp49w404LY:n87wc1aGNC0klI7CPpIFa69wAY
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral8
- Target
  
  Mydoom/2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2.exe
- Size
  
  22KB
- MD5
  
  44fad0089dd3b0b481f30486646fd3f0
- SHA1
  
  54a3e4359bedeba0d8747e2bc7e94ebbd48feef3
- SHA256
  
  2af6bc16f25822d6d2f1429bc15f3d47f6c0bcb026ba387249d173fc753919b2
- SHA512
  
  7137de8a76aa91bc921a7334dde182eaa786a42bc5dc7369e9265f9226ea52bedf003e8ba707f297d880828daa5f1183233d985cb98e371eb711c2523a1a0acc
- SSDEEP
  
  384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUIegaC3:SCIqdH/k1ZVcT194jp4IegaC3
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral9
- Target
  
  Mydoom/3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464.exe
- Size
  
  41KB
- MD5
  
  3e67d212278e1af5be913d236399fcf6
- SHA1
  
  f993125ed4af1de6a551a6e0843a6d124cd46f27
- SHA256
  
  3d9f9c162e130c197301adb5a4e141f2e1ae8a19c85b457c429e8410a5c91464
- SHA512
  
  f7e6394c9f9fdd6a03c72aaece5b4911cb821680a632f94b622b12d94cff9873d93b2c6604016524bdab4dd6e4b70b532c440f6b296138677be19e078ad23ec7
- SSDEEP
  
  768:/eMc5VwWt1jDkbXdnTOyQxHFO+IxX2P5LIbbcPYir2lAqcdF0i09sy:/q5VwWDjDkdTRqHFOn8tIbbeYiuZIFSl
Score

7^/10

persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
- Drops file in System32 directory
behavioral10
- Target
  
  Mydoom/3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5.exe
- Size
  
  41KB
- MD5
  
  b1f6a4cc592f3c9f7d4b69c02ac74d11
- SHA1
  
  db2db17c1d3e2c4f3a45aad9215cc77ed455ffcc
- SHA256
  
  3db846a796caa001666df8f7cae709fff02f984711b0e70e0e79c457d631b4e5
- SHA512
  
  66c3d5cb3c9bf13604748853797e4c1a1eae13d52cdf43f16da0b1b180ad0c10102a2935d4d6bd0549f6e48427c0181cbb07f1ee664274727dff0cc61e5075c5
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral11
- Target
  
  Mydoom/493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc.exe
- Size
  
  21KB
- MD5
  
  fd6deb4cda087d7a60b6b28104fad84b
- SHA1
  
  6826e88b55a2794f9ea72c86bb9cfd084fe2aee9
- SHA256
  
  493813116f32ad6f455676cd54e32a2167ece845038202614cbb49e126f5afdc
- SHA512
  
  afa16663956ffa8d50d7a6622c7cb01d9b01f83c1ef21dfce1eeffc8cc217499e7a78bcea952b59c501caa71b3aaa5b2c144ed30529685efb55266678eb18dc3
- SSDEEP
  
  384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzUMO2:SCIqdH/k1ZVcT194jp4N2
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral12
- Target
  
  Mydoom/4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08.exe
- Size
  
  29KB
- MD5
  
  0d14590170f35263c0e3f0e0e1594720
- SHA1
  
  21414e31724eb95408a4031a0c0508b2a12260e7
- SHA256
  
  4d61a61265cdd942cff973609170529eaf19579b5d17e64deccbd6f6f1fdfa08
- SHA512
  
  76e6fbd04c08b749b46ce1499e15ad58d7bb8d0c20db0a0fae54001f973aaa73e961cf80558c090d31d7f69918562c519c01c2cb441548feca63cea37792aa3c
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/V:AEwVs+0jNDY1qi/qt
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral13
- Target
  
  Mydoom/5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a.exe
- Size
  
  41KB
- MD5
  
  64276638075d3cab665966be7f366682
- SHA1
  
  3fb9c599d5dc9188332b4a9c0f1262c07ee24699
- SHA256
  
  5642f8bd3bc151349ded1a3c160c037c26194c9da2b7ace5d8ca11cddb57612a
- SHA512
  
  1bbd7440a14f8651ef4433cdda3a48071024838688f8ff88a0688cf56f28854232446f655731a44d1f02f1e572697e132f06c92dfa170825433154042be02826
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral14
- Target
  
  Mydoom/6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c.exe
- Size
  
  28KB
- MD5
  
  e5128ece1b9916a6df7cd56d66c193c2
- SHA1
  
  c99f687b182f3dee71e8434360595832ea431075
- SHA256
  
  6c37d14d5ad674e4c0fa8df0a999be6b27399936c9ff16f7fb30b802addb7b4c
- SHA512
  
  67b9166f33c78140ce2259df9a7bae92e6cae066b7f54cb0ebdec183ef1ffaf958f6cd24b0bb01e2b6a302fb73e9c5c057554c825e1496ef3b679e77dd7715af
- SSDEEP
  
  384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyNHS6e:Dv8IRRdsxq1DjJcqfH
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral15
- Target
  
  Mydoom/6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3.exe
- Size
  
  21KB
- MD5
  
  41a7ddd957c89fc7d20b60fbb7526198
- SHA1
  
  2b3575ced3fb5227c1b21cb5a5d70de6ee20ac5e
- SHA256
  
  6c3c9af653a28977257ce971ed701b1b893cdf67d5c57baa44a9d76c28675dc3
- SHA512
  
  c97c733c37423269eefff67c66caf04317dbcfb8dc678cae18b265f9cde57ff0677c93cceaa0cda05e70daa3446d507538f1db9b37a30078568542a8cf67bec5
- SSDEEP
  
  384:FZcpzCIqdG3A3WUkx38GZDJuJbf1+o44u8gHzULMc4:SCIqdH/k1ZVcT194jp4LMx
Score

7^/10

persistence upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral16
- Target
  
  Mydoom/77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320.exe
- Size
  
  29KB
- MD5
  
  4568631011aae49f42e185b46a1a30a5
- SHA1
  
  d3e88e07f54ad778b774822bcf283accc22b529b
- SHA256
  
  77186e57b2eeb3ed4b56cfe280d5eeea3155d9502217cda824600bc93d365320
- SHA512
  
  fc673b7013b9d291258579c18e0466e4e3e6de1fff73900fb3f87ff275aa0064e36620b7774880bbef14ad4e5e968ea46c0ef47484f260468f263cc6d1832cd1
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/p:AEwVs+0jNDY1qi/qh
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral17
- Target
  
  Mydoom/7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61.exe
- Size
  
  29KB
- MD5
  
  18e2d2d193f1b5e2fe2cec1f6b4c5c38
- SHA1
  
  5c9e2ecd155da2d8822187398d58febd1044a1e4
- SHA256
  
  7bca70a81cc9e1067e99e313802a4cc095f79bbc3a1aa86b7b3b9eabf3748e61
- SHA512
  
  3a961ff5d823450134acc34fb984bd5105fcf02c65692ee5fc7273c6de9fc64185cc548ea1de6d5622d6985e754943a4b4d235458eb41bef469027e6b11a35ba
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/9:AEwVs+0jNDY1qi/q1
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral18
- Target
  
  Mydoom/8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088.exe
- Size
  
  45KB
- MD5
  
  3aa484f942ddfeff67d043fafb9877bb
- SHA1
  
  966cbc5b018d94b1797ad5d506ca4d3cb639eca7
- SHA256
  
  8e934dcd46eb57d42712d097deab6ce00ef1ce2db87d03f8d3d8e8c10da7e088
- SHA512
  
  9356aa0648b93558e0e3af85a9d08449f63c4e6675f82feed9b386425fcbcb7e391b2dfbc114055d0d2b779407b40074f7083205b194c0fa460e99ba8b635612
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral19
- Target
  
  Mydoom/9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060.exe
- Size
  
  41KB
- MD5
  
  cdc7a9e456810fd6d0a5f9129c633c03
- SHA1
  
  3fd75d798773bbb29b26a4c9b9c0635ff52fee57
- SHA256
  
  9a75c8e353df060ec927ada5990402b57764275f2a860d9cf500a661ec3de060
- SHA512
  
  635346ea4d4c29618469e2aac76e12280e89d44b3fc22e1b522608a5c2352337d20745116e85bcf96e592261d5adb460e1bae8ae2a41e27e0a32298567462c11
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral20
- Target
  
  Mydoom/9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3.exe
- Size
  
  28KB
- MD5
  
  f64e4d13a57ae222768b792b2c16158d
- SHA1
  
  5a0878beb5a8a464f71629f560b8ac12473776e7
- SHA256
  
  9e067453f09c5cbfa4c5a74fe3e70d7d8e66a25057e6c35240dce5a40ec31bf3
- SHA512
  
  e9bab92bb7df9414f531b579449c72fd911c9cc0e59809cb6105ef8bdd3cc7818e5626ef57159a7362a82e7cdbfbe2a0f58839e0167a696d3217e622143925a1
- SSDEEP
  
  384:1vxBbK26lj5Id8SpHx9jLhsznnVxA1WmP5w7GGCJlqqwMyN7F57Oz:Dv8IRRdsxq1DjJcqfAJOz
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral21
- Target
  
  Mydoom/Mydoom Ransomwares/1a174a556ce8e7a22c66f515ae1591f775bb673e989d5a39334f901edccf5406.exe
- Size
  
  127KB
- MD5
  
  93a7ed73f2245a1f043b74e724705f54
- SHA1
  
  6b97b4cd5d44e607540b841081f68b7755ce59f5
- SHA256
  
  1a174a556ce8e7a22c66f515ae1591f775bb673e989d5a39334f901edccf5406
- SHA512
  
  ab1d5999d7bdeb0a2d93a7476cbcace92971417d45a7459fbe294ed66d0466f0e121a68fe9ade89c3c71d4afab3b81b94aaaeabc99e6f02f79c307acbf574090
- SSDEEP
  
  3072:bhADm5OPINYUsx0Ki6uA9bKHtBdQex7Coy5q5l:bhAcO7xhjuA9bQQzq
Score

10^/10

evasion execution ransomware
- Disables service(s)
  evasion execution
- Renames multiple (228) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Drops startup file
- Drops desktop.ini file(s)
behavioral22
- Target
  
  Mydoom/Mydoom Ransomwares/1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c.exe
- Size
  
  27KB
- MD5
  
  4ae2e5156253fbeed2c6f13a066c98a1
- SHA1
  
  db318de72c2cdda1822999441d23b91e933a772b
- SHA256
  
  1fb613ee3b0e7f96f5dea029aae31b86340b0724e88f84a76b386af84d1cf95c
- SHA512
  
  c00c1c47e4cffaa3078885bbca42e6663bb478ec33b5b742c752412b204af55bf94008868264d0b03279339017732330e64c52d3b20f55e347194f65f2147be2
- SSDEEP
  
  384:XLNAZPBVp/L9Z1oQEDQVbfANpC78rMNAtpDkjvr+jfXNIRXrrahrBDBkHqd7gasb:XCZ5jz9YQEMb4KN2ywrFuHeJsyO
Score

6^/10
- Drops desktop.ini file(s)
behavioral23
- Target
  
  Mydoom/Mydoom Ransomwares/5458f18e36de21d20b713f7acd8575fc8a86330c466e1b9dc6f41bc81f3e79fc.exe
- Size
  
  100KB
- MD5
  
  7fdd3bf8886199e8336f95c88bcaa49a
- SHA1
  
  77e2019093379de4d5de07dbcf5893831c9bb7ec
- SHA256
  
  5458f18e36de21d20b713f7acd8575fc8a86330c466e1b9dc6f41bc81f3e79fc
- SHA512
  
  9d774eca21fb33f26991cf20f0f6a2f0bce56aa4cc3d17fd769e0bb767ca400cd5c8dd64bb62db23bf5bc112b91b1a26db7bf2f9d85993cb990be5113e527a40
- SSDEEP
  
  1536:1zmSA404oATJVPHEMXMxa6CO3/k/hdXVyczH+95DfFFjfuEnm:1zxEYsZaLhdlo95DfFFjfuCm
Score

10^/10

discovery evasion execution persistence ransomware
- Disables service(s)
  evasion execution
- Modifies Windows Firewall
  evasion
- Drops startup file
- Modifies file permissions
  discovery
- Modifies WinLogon
  persistence
behavioral24
- Target
  
  Mydoom/Mydoom Ransomwares/84ee7e5c055fd25204ca4969940292b03da9d45b5048cbb7f7ba8528b88a2859.exe
- Size
  
  492KB
- MD5
  
  63acb0fc42adddeefed36db5b1ad61bb
- SHA1
  
  7ffe0a6043397f55fd794971cac56a79fc564c0a
- SHA256
  
  84ee7e5c055fd25204ca4969940292b03da9d45b5048cbb7f7ba8528b88a2859
- SHA512
  
  91787551107a0c013b3c5c35b9cb51f5880403a9f8dc3370f3392aba8b37fe210eda82a8bbd474f1d6ad73e969a8d6c2962278a9f0d595c8842269c27142c4c0
- SSDEEP
  
  12288:rDA4+Z/YWwIQx+E6uI4+Z/YWvt8OW/9mZ4+QwQaNdmrlTT6zncVUJ7vn:wo9UPgTT6DN
Score

1^/10
behavioral25
- Target
  
  Mydoom/Mydoom Ransomwares/cc3b570fa8f87354f06a20d8873c45087684c217f1b434b3b0048acd96fe3e64.exe
- Size
  
  1.9MB
- MD5
  
  f09a781eeb97acf68c8c1783e76c29e6
- SHA1
  
  ec2b7eebfcbf263424ae194817060eac44c380c7
- SHA256
  
  cc3b570fa8f87354f06a20d8873c45087684c217f1b434b3b0048acd96fe3e64
- SHA512
  
  972fc4759d344c3eab157fe8bb345596592895ab9d27546961a93047142e8236dd876f3449a9f60dd5eb93a54035dcd3d7c8d70d468e3233341bfa4d674cfa64
- SSDEEP
  
  49152:jL7kITp6hTJEfHdQ2+Sd3KmkZt1EOS09VE8zbRfc7id4oPg:YITpmafy2+S5KmkZt1EOSP8zdfc7i5P
Score

7^/10

upx
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral26
- Target
  
  Mydoom/Mydoom Ransomwares/dd286a4d79d0f4c2b906073c7f46680252ca09c1c39b0dc12c92097c56662876.exe
- Size
  
  1.8MB
- MD5
  
  057aad993a3ef50f6b3ca2db37cb928a
- SHA1
  
  a57592be641738c86c85308ef68148181249bc0b
- SHA256
  
  dd286a4d79d0f4c2b906073c7f46680252ca09c1c39b0dc12c92097c56662876
- SHA512
  
  87c89027d60f80e99c526584fa093620b3f099151170362424ad78f5e4d7184bd9f2d627ec8463ca202127835f435dd4f85bf2b0d9351593c688855f0bbaffbb
- SSDEEP
  
  49152:BY/3BNLViG5jQWArXncSxhBfV7xLE1t+XgWJz5qtAj6R:BwgG5MWMX7h8+Uw
Score

10^/10

satancryptor zebrocy backdoor ransomware spyware stealer trojan upx
- SatanCryptor
  Golang ransomware first seen in early 2020.
  ransomware satancryptor
- Zebrocy
  Zebrocy is a backdoor created by Sofacy threat group and has multiple variants developed in different languages.
  trojan backdoor zebrocy
- Zebrocy Go Variant
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral27
- Target
  
  Mydoom/a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f.exe
- Size
  
  41KB
- MD5
  
  ec9e58951bf3e0ff91c5f86cae637dc4
- SHA1
  
  8f2e5fce00e3f5265deabaa71a9243d1b936395c
- SHA256
  
  a9a89ed0d139fbc436794f5d3a8e58c547247039d8c86767b1e2f2bce40e390f
- SHA512
  
  466d31863ee8d7765b436f75588da017b095ac66f86deb8dff41fc2349de456da8dbb59bec863c4a754fc68a210ad8e1c578d968312c9ea0595d4aab7fb2f0a5
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral28
- Target
  
  Mydoom/b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695.exe
- Size
  
  41KB
- MD5
  
  2f0ded84c37387024cd7145bd7e64e88
- SHA1
  
  61803770a6bdf2aafb3f7efcc3c135d63ddd55b5
- SHA256
  
  b4ab8f5c8b97307b328ba30fdefdbe4341c4e2c576729fdb5c7329d5b07bb695
- SHA512
  
  efe39f1abf0c1ae5662c95bdcc7022e5982069e7656860356643eabf4a567639136125294dfd3ecbde72e0853e886a88b5d085d8c757c7b63f67cb000b510848
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/:AEwVs+0jNDY1qi/q
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral29
- Target
  
  Mydoom/c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef.exe
- Size
  
  856KB
- MD5
  
  733766ff5495f04d82744291993eb69e
- SHA1
  
  2830778313fd7fccc6c8129d419b1757368078fd
- SHA256
  
  c03431309015563257e5e118656d07ce136f151339054b9f66894ecf9dde9aef
- SHA512
  
  cf3bf548e743894888ba3ea191a289f09d9f36215e1306aa21e61f0ea81473eec6df01a6e7f05f9251ecb9cc71c654934a53d4916c4152bf8fa4a95119e98cf2
- SSDEEP
  
  12288:0zqKbHTadreUv6e2faqsW8lEsbjwepi8K2cE4b5wxH5/uek6JA6QfmpFiMtMv7u3:yPaFnCec8vj1p7pc5bQZ/uesmoqt7jF
Score

8^/10

bootkit persistence upx
- Sets DLL path for service in the registry
  persistence
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral30
- Target
  
  Mydoom/c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324.exe
- Size
  
  29KB
- MD5
  
  5b4833161897a50ab4688e2990d1d24b
- SHA1
  
  0a04dd46bca64169511b4bcdc8ea36eb8ad55012
- SHA256
  
  c45a330cf80c33977658649596d4867301e928381c5fc37ec3edabfad2251324
- SHA512
  
  df87dacc161a583dbc060ddc60868476ba5a864021644da643475a93805229a633eb8f0ade738f2512e05b7ec3c8647d877bc4658beb475bd6b0347568caaf5e
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/l:AEwVs+0jNDY1qi/qN
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral31
- Target
  
  Mydoom/d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806.exe
- Size
  
  29KB
- MD5
  
  c4074b5cca1b0e41aa22b8d090ccfd5f
- SHA1
  
  8a90f2c08d98c3803003c41147dfdaafa5d31039
- SHA256
  
  d42fc4dabd9a9e74156d1a856cb542ed2e0796d2d7c6b976c0ac5421a87f9806
- SHA512
  
  b4068d61d348ace4f9712e975b36e5077a34d93566b1ff46ba6933916bfb18fb506ee30b5feaa49a3c714a4636ff1868d499061ea1ec7b41c4fe2c01a34c8e42
- SSDEEP
  
  768:AEwHupU99d2JE0jNJJ83+8zzqgTdVY9/qg:AEwVs+0jNDY1qi/qig
Score

7^/10

persistence upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Adds Run key to start application
  persistence
behavioral32