demonware

General

Target

demonware_21332930186.zip
Size

11.7MB
Sample

250213-1y9yxswlcn
MD5

18e474c14fbfb6097602d3fdd5d151af
SHA1

1b61fb17e5b15efd8dd877e696b732ecaeb2f6d4
SHA256

07b5cd348ecd0b424d9cdad48928e175990b783e3209e6c23a2ab30f5a4c4d12
SHA512

cc9419c7fe79be54a3bcc6e65c4281b9d7fdeb0c319452e2dc9aa187336eb2f02bb04f80457053313f9feff4fe7fe0159aba7b7e0fb7fb70b470d56467e2c5a5
SSDEEP

196608:niZspUjFvAsg3nx3NDoc6g10dFxJ+gQt3t4R0HaHlM3rQwmQRBau7dP9cKqhG6O/:i26vAFhDP12vat4R06HlMso7dPBqE6EX

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Pictures\README.txt

Ransom Note

Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 days to pay for your key 500Euro to our bitcoin adress to know the number of btc please contact by mail in the darknet : [email protected] Kind regards,

Emails

[email protected]

Targets

- Target
  
  2014320bd35ed8bd0ce1fd96edd9c3b998053fda836f57f96ab4ca433ca72359
- Size
  
  11.9MB
- MD5
  
  d50a7940a066de282bda38190f41e40f
- SHA1
  
  756989e0f18bb31774cd2e4b20bd79adc77b51c4
- SHA256
  
  2014320bd35ed8bd0ce1fd96edd9c3b998053fda836f57f96ab4ca433ca72359
- SHA512
  
  256765c018f1a80d7bdfddb9d64542d234e2438177cce495ea46c04ddbd870f86d82a43a7206b244cafe1b57ed5b938b728a5e24cf3a746b6075efdd58e5f6f6
- SSDEEP
  
  196608:aJlAG6ZMHGxsv1JC0MhCZBTX1QFhjwt25Hnuz48RmU/3ZlsPvXf8fTvN8CWOwpiK:MlCymxsmlAHOHuztN3ZWXwToMh1R3
Score

10^/10

demonware discovery ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Demonware family
  demonware
- Downloads MZ/PE file
- Loads dropped DLL
behavioral1 behavioral2