Resubmissions

04-07-2024 11:50

240704-nzne4aydqh 10

04-07-2024 11:48

240704-nyxblsydqe 10

04-07-2024 11:46

240704-nxrpqsydph 10

04-07-2024 07:49

240704-jntera1drj 10

03-07-2024 15:29

240703-swzfeawcrb 10

General

  • Target

    alldat.tar.gz

  • Size

    3.0MB

  • Sample

    240703-swzfeawcrb

  • MD5

    91f32121c212d4572ae024c5754a124e

  • SHA1

    528c11b74ceddd0e0e41c68a6c17dea12ca6370b

  • SHA256

    8fd67a431ae65bf9e21564c40f4fb7af65ee1b072b1aef691c63f82fc33aa11a

  • SHA512

    bfad07160ead6342b70b928f3fdddb6f6a3ac43643b23fbf3ccd8a362c00e5e06a2efa409fc67853493fb915ce7aff4f3622b2ef6c2eefeedb0575c9f696bb80

  • SSDEEP

    98304:YMmjtiBSTek2M7z+m7duS6cW8Q/gxmWJSL:YMm8Bw/r7hYS6c1txmh

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\CyberVolk_ReadMe.txt

Ransom Note

Greetings. All your files have been encrypted by CyberVolk ransomware. Please never try to recover your files without decryption key which I give you after pay. They could be disappeared. You should follow my words. Pay $1000 BTC to below address. My telegram : @hacker7 Our Team : https://t.me/cubervolk We always welcome you and your payment.
URLs

https://t.me/cubervolk

Targets

    • Target

      sample

    • Size

      7.8MB

    • MD5

      f823e7fcc3dcc9bfacbd649ead857d15

    • SHA1

      9a46483ade0f43b6d1aed2fd259a255bd4daa1f3

    • SHA256

      c97862eb9d56f566352cfc548542770d414edc375c3a0b767597cd6d1f47845b

    • SHA512

      d74e988cdc2122c05448017581a7274b2ed0abfdcf7ded1dac8ecaa20e9c1af0c2012516aaf54fc4d6809c75b6cbf46eaadb6c49367a74b68169526ae3efc8ac

    • SSDEEP

      98304:d+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:y4uWcCT9Gzl

    • Renames multiple (880) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Drops startup file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v15

Tasks