Overview

overview

10

Static

static

3

ransom.exe

windows7-x64

10

ransom.exe

windows10-2004-x64

10

Resubmissions

04-07-2024 11:50

240704-nzne4aydqh 10

04-07-2024 11:48

240704-nyxblsydqe 10

04-07-2024 11:46

240704-nxrpqsydph 10

04-07-2024 07:49

240704-jntera1drj 10

03-07-2024 15:29

240703-swzfeawcrb 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    alldat.tar.gz

  • Size

    3.0MB

  • Sample

    240704-jntera1drj

  • MD5

    91f32121c212d4572ae024c5754a124e

  • SHA1

    528c11b74ceddd0e0e41c68a6c17dea12ca6370b

  • SHA256

    8fd67a431ae65bf9e21564c40f4fb7af65ee1b072b1aef691c63f82fc33aa11a

  • SHA512

    bfad07160ead6342b70b928f3fdddb6f6a3ac43643b23fbf3ccd8a362c00e5e06a2efa409fc67853493fb915ce7aff4f3622b2ef6c2eefeedb0575c9f696bb80

  • SSDEEP

    98304:YMmjtiBSTek2M7z+m7duS6cW8Q/gxmWJSL:YMm8Bw/r7hYS6c1txmh

Score
10/10
ransomwarespywarestealer

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Adobe\Acrobat\9.0\CyberVolk_ReadMe.txt

Ransom Note
Greetings. All your files have been encrypted by CyberVolk ransomware. Please never try to recover your files without decryption key which I give you after pay. They could be disappeared� You should follow my words. Pay $1000 BTC to below address. My telegram : @hacker7 Our Team : https://t.me/cubervolk We always welcome you and your payment.
URLs

https://t.me/cubervolk

Targets

    • Target

      ransom.exe

    • Size

      7.8MB

    • MD5

      648bd793d9e54fc2741e0ba10980c7de

    • SHA1

      f5d0c94b2be91342dc01ecf2f89e7e6f21a74b90

    • SHA256

      102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12

    • SHA512

      d1428b934a360d7f3651947d11081892c93c7cd29a17dc38190cbb46c95939928ac6f805adf586be2937e27fc20aec8bd1fc2c782c681e7e94e9e8d33b8ebf15

    • SSDEEP

      98304:9+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:S4uWcCT9Gzl

    Score
    10/10
    ransomwarespywarestealer

    • Renames multiple (902) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks