General
-
Target
de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
-
Size
7.8MB
-
Sample
241006-jw468azekf
-
MD5
4e66429d85967e344d8354e9b81719dc
-
SHA1
b958fb7241cc9675b8dd967b02df6a6ad92de52d
-
SHA256
de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324
-
SHA512
8645025d5c94eb2580c6094f47f733a7ab27d1482e4e5bcc9f93dc0e419b4d50fc1a1e0236ba8204f07389136032a9ebe64f5ea9cd3e42ddf2879a516d6cbe09
-
SSDEEP
196608:9RRRRRgRRRRRRRRRRRRRURRRRRRRRRRRRR/3LRcDRRRRRH56RRRRR9BcM9tpfHmH:9RRRRRgRRRRRRRRRRRRRURRRRRRRRRR6
Static task
static1
Behavioral task
behavioral1
Sample
de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
Resource
win10v2004-20240802-en
Malware Config
Extracted
C:\Users\Admin\Desktop\CyberVolk_ReadMe.txt
https://t.me/cubervolk
Targets
Target
de0b74917fe24c2b38e2d1172b7352f88bf8b3df64b6d44ca5f317db85aeb324.exe
Score
10/10
-
Renames multiple (206) files with added filename extension
This suggests ransomware activity, namely encrypting all the files on the system.
-
Drops desktop.ini file(s)
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Sets desktop wallpaper using registry
-