demonware

General

Target

2024-11-19_4d3ab23846b9dedc7b0ed695e873fced_ponmocup_ryuk
Size

12.7MB
Sample

241119-bg8bbsyjf1
MD5

4d3ab23846b9dedc7b0ed695e873fced
SHA1

82e6b2fca15eb28accaba9541b08dba74c19fb43
SHA256

05214e5aa2516af0f07882ab92a4c9e7a565e721e16eb96c7fda7bd2f980dfbf
SHA512

05114eec1919e473b2c0342c76be05caae90105720df0f9c5c0f338cc1cbcc7fa6f9beeef681a7ff2ef7878c662f2ce98b35eca8caf2e8462d9841591db5b1c8
SSDEEP

393216:nl4Dgt/xPBgn9c5hlERsMRFJzFcguYtN3ZWqg2j:l4UQEhksqZtN3dg

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

- Target
  
  2024-11-19_4d3ab23846b9dedc7b0ed695e873fced_ponmocup_ryuk
- Size
  
  12.7MB
- MD5
  
  4d3ab23846b9dedc7b0ed695e873fced
- SHA1
  
  82e6b2fca15eb28accaba9541b08dba74c19fb43
- SHA256
  
  05214e5aa2516af0f07882ab92a4c9e7a565e721e16eb96c7fda7bd2f980dfbf
- SHA512
  
  05114eec1919e473b2c0342c76be05caae90105720df0f9c5c0f338cc1cbcc7fa6f9beeef681a7ff2ef7878c662f2ce98b35eca8caf2e8462d9841591db5b1c8
- SSDEEP
  
  393216:nl4Dgt/xPBgn9c5hlERsMRFJzFcguYtN3ZWqg2j:l4UQEhksqZtN3dg
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Demonware family
  demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Demonware family

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2