demonware

General

Target

2025-03-30_644e136ccb39f10964f7b656f96dd144_black-basta_cobalt-strike_satacom
Size

11.8MB
Sample

250330-pjy3bsytc1
MD5

644e136ccb39f10964f7b656f96dd144
SHA1

f3095cb5794501d3b206f343ca69a6713b61bd65
SHA256

54e7dd4f468545498d148fcc575e9df14a152d3f9f1cfaf49fca1fb5c529e782
SHA512

5e2c83a1e8b8c8c062f7aa77042bf3bd87c737817c8077e53d4cc80a4f793dba96b46af9e227d806a8eb144678338719f627bb215a6bb5eabbb48db07b28aa2a
SSDEEP

196608:sZlAG6ZeZ2jeC3b9fHr7DpFC4g0AVIGvO8ZJ9BIBxIFO48RmU/3ZlsPvmu7STvNY:6lCM14VvLgtIGZYXIotN3ZWL7STZ6jb

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\README.txt

Family

demonware

Ransom Note

Tango Down! Seems like you got hit by DemonWare ransomware! Don't Panic, you get have your files back! DemonWare uses a basic encryption script to lock your files. This type of ransomware is known as CRYPTO. You'll need a decryption key in order to unlock your files. Your files will be deleted when the timer runs out, so you better hurry. You have 10 hours to find your key C'mon, be glad I don't ask for payment like other ransomware. Please visit: https://keys.zeznzo.nl and search for your IP/hostname to get your key. Kind regards, Zeznzo

URLs

https://keys.zeznzo.nl

Targets

- Target
  
  2025-03-30_644e136ccb39f10964f7b656f96dd144_black-basta_cobalt-strike_satacom
- Size
  
  11.8MB
- MD5
  
  644e136ccb39f10964f7b656f96dd144
- SHA1
  
  f3095cb5794501d3b206f343ca69a6713b61bd65
- SHA256
  
  54e7dd4f468545498d148fcc575e9df14a152d3f9f1cfaf49fca1fb5c529e782
- SHA512
  
  5e2c83a1e8b8c8c062f7aa77042bf3bd87c737817c8077e53d4cc80a4f793dba96b46af9e227d806a8eb144678338719f627bb215a6bb5eabbb48db07b28aa2a
- SSDEEP
  
  196608:sZlAG6ZeZ2jeC3b9fHr7DpFC4g0AVIGvO8ZJ9BIBxIFO48RmU/3ZlsPvmu7STvNY:6lCM14VvLgtIGZYXIotN3ZWL7STZ6jb
Score

10^/10

demonware ransomware
- DemonWare
  Ransomware first seen in mid-2020.
  ransomware demonware
- Demonware family
  demonware
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

Sharing

General

Malware Config

Extracted

Targets

Demonware family

Loads dropped DLL

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2