Overview (score 10/10)
Static (score 3/10)

Per-task scores:
Sample                Environment           Score
main.exe              windows10-2004-x64    1
main.exe              windows11-21h2-x64    1
ransom.exe            windows10-2004-x64    10
ransom.exe            windows11-21h2-x64    10
key_gen/main.exe      windows10-2004-x64    1
key_gen/main.exe      windows11-21h2-x64    1
key_gen/ransom.exe    windows10-2004-x64    9
key_gen/ransom.exe    windows11-21h2-x64    9
ransom/Rel...om.exe   windows10-2004-x64    6
ransom/Rel...om.exe   windows11-21h2-x64    6
ransom/ran...ts.vbs   windows10-2004-x64    1
ransom/ran...ts.vbs   windows11-21h2-x64    1
ransom/ran...hic.js   windows10-2004-x64    3
ransom/ran...hic.js   windows11-21h2-x64    3
ransom/ran...som.js   windows10-2004-x64    3
ransom/ran...som.js   windows11-21h2-x64    3

General
Target: 439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d.zip
Size: 10.0MB
Sample: 250701-jbvgaa1zat
MD5: 0739c5c628cd9827ad276fcdeab6866d
SHA1: d35da3f4e36eebf36a130bc7e0182fc4c35cf551
SHA256: 439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d
SHA512: cbcc268a6ffd1d7da8454d9d19e5dadff2f6b82f7a24c71c600af9a1df43cd94c01189d5e6536058238ee3941cc263ba36b91bebb7cd9a46d2bc7a8af8975a8e
SSDEEP: 196608:E41NwEkT12Yfagn1Xii8ag+1LH7oChw7nyHcJQTUqFXPRmehiK1oCu4Wm1sSS:EaNwz26JRxn1oChw7ny8JnIpmecKuchU
Static task: static1

Behavioral tasks:
Task           Sample                                    Resource
behavioral1    main.exe                                  win10v2004-20250610-en
behavioral2    main.exe                                  win11-20250619-en
behavioral3    ransom.exe                                win10v2004-20250619-en
behavioral4    ransom.exe                                win11-20250619-en
behavioral5    key_gen/main.exe                          win10v2004-20250619-en
behavioral6    key_gen/main.exe                          win11-20250610-en
behavioral7    key_gen/ransom.exe                        win10v2004-20250619-en
behavioral8    key_gen/ransom.exe                        win11-20250619-en
behavioral9    ransom/Release/ransom.exe                 win10v2004-20250610-en
behavioral10   ransom/Release/ransom.exe                 win11-20250619-en
behavioral11   ransom/ransom/Crypto/RSA/bigdigits.vbs    win10v2004-20250610-en
behavioral12   ransom/ransom/Crypto/RSA/bigdigits.vbs    win11-20250619-en
behavioral13   ransom/ransom/Cryptographic.js            win10v2004-20250610-en
behavioral14   ransom/ransom/Cryptographic.js            win11-20250619-en
behavioral15   ransom/ransom/ransom.js                   win10v2004-20250610-en
behavioral16   ransom/ransom/ransom.js                   win11-20250619-en
Malware Config
Extracted
Path: C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\CyberVolk_ReadMe.txt
URL: https://t.me/cubervolk
Targets

Target: main.exe
Size: 1.5MB
MD5: 35815ae7affca262bcd6beabbdadebfd
SHA1: a9c0b358729aa7b383535b3e36d9cd5a8cb3bfd0
SHA256: 60e2a4abcb80b43e6d2f04ea9a45a84b0a2fb0d238ae1a28eff6635527058362
SHA512: edd4559c049ee1acb4208139c45db43ca9b20591cd97bacebef7e800ac92e8c84cc4050bf0ef9f6ffc18d84d40242f494f28da69ee4e0139a37fb69c7e97bef1
SSDEEP: 24576:TGuYQmUMWFV3QLXPOq9oVRHN2SSl7Ewf8JsU3Aot+Ec0xMkiqqIkFyBM2:quYQmUMqQLXPOqcUlgUqqIkFyBM2
Score: 1/10

Target: ransom.exe
Size: 7.8MB
MD5: 648bd793d9e54fc2741e0ba10980c7de
SHA1: f5d0c94b2be91342dc01ecf2f89e7e6f21a74b90
SHA256: 102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12
SHA512: d1428b934a360d7f3651947d11081892c93c7cd29a17dc38190cbb46c95939928ac6f805adf586be2937e27fc20aec8bd1fc2c782c681e7e94e9e8d33b8ebf15
SSDEEP: 98304:9+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:S4uWcCT9Gzl
- Renames multiple (2780) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
- Drops startup file
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry

Target: key_gen/main.exe
Size: 1.5MB
MD5: 7eb6773d9638b1d263d834929ec60b0a
SHA1: 159e04e548929ea4a25d0e49577db437f2b91f6b
SHA256: 2bed83dc64f3163f6239c4e744285c2e4aebaf6720aef92ae2c3de17e1dee591
SHA512: 9f20f69baba59e5b54ca64dac8646a829f8123153879320d51e54829ff614b1c4db0ea527e712c2abab5ce15d080d9d6343632cdf50f0090b1cd6ba45cfb84e1
SSDEEP: 24576:nGuYQmUMWFV3QLXPOq9oVRHN2SSl7Ewf8JsU3Aot+Ec0xMkiqqIkFyBM2:GuYQmUMqQLXPOqcUlgUqqIkFyBM2
Score: 1/10

Target: key_gen/ransom.exe
Size: 6.4MB
MD5: 38fb9ac2e51d04182faf81afbef08ab8
SHA1: 1f325950a7a8e1a2050e954f33d2c3774510bd6e
SHA256: 1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44
SHA512: 8af5062d6d133379b0ad87439cdf99fc98bff266f03c0a831f84c0c41224c7a97e8e0a5583e8d4b24c04edd0bc6099646ebea3388ffe2fe7917b709604e63406
SSDEEP: 6144:iODh8y70MgJ+j2ZsKmj82uGBOOGHO0GL2g6VzxazESJx2sYMLoI4H4voKJ+QtDeJ:ik70MZMc0RdQtzH8lhwFbZgaOm
Score: 9/10
- Renames multiple (181) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry

Target: ransom/Release/ransom.exe
Size: 6.4MB
MD5: 626fab8275d8d8e841bc9a08b208201e
SHA1: 197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c
SHA256: e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458
SHA512: e106cf78731d9a8e75b5e76ecf881bb12262f13b05b805e89f3bede061a4a1ebb738d7a7631fb51801d95717ca34dabb12f7ed4826e6812ceadb0bad98fcb0d0
SSDEEP: 6144:o3j7hJkMepmEfZsVOM7pNbDMuoKJ+QtDeQYizHMTlaw81FRx3JmfBcOmg:o3nkMS2R6RdQtzH8lhwFbZgaOm
Score: 6/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry

Target: ransom/ransom/Crypto/RSA/bigdigits.cpp
Size: 63KB
MD5: 3e0a3f373f4a2d3d3f1bfedd9664e025
SHA1: db2d1b3b8a7837c3885ec2847ec3e2ea25466377
SHA256: 99abd8ecbb4065d298f538e37f0add1a74a220e408f9c9ff04dac1818c36b68a
SHA512: b2dbf5240b4bba4fce26bfd516470215cef30c5aaea89506617631f2c1e9ca72f822fd97b0750eaceaf8a453dc076ea5e0d3b13bfa0b9beab30031719fb8040e
SSDEEP: 768:saW+6Rog0y0Rsj3wGtqyNtkmn/geq4a5jkfOAPeuZ5bEWXKX+i/:sSg0ZRsJfNgpplA8X+Y
Score: 1/10

Target: ransom/ransom/Cryptographic.cpp
Size: 14KB
MD5: 49e7da650f02da4ebfaa7fc4d3a8f1be
SHA1: d340e503066bda995221d8bbd53dd24f50caf79e
SHA256: bacbd17dcbc437e29dd1e32877490d4832449de9a80821601a346ab0c483fc63
SHA512: cc632ab77f0308c008b74d9260af6dcb3ffb37644bcdac3c2bbcc1f5faf7292113bc41ed883ff6228855ce5ea6cec6ab3841710cced78a4e6ed6cd3ef27eabbf
SSDEEP: 192:+jMQG6FbhB4BxpLU7UIoUhRW+06Riepc8B7LRipLsSIi/DT0fLwi8A705Bo8RM+V:EFbh2B3GoX6Riepck8R9geUqt
Score: 3/10

Target: ransom/ransom/ransom.cpp
Size: 21KB
MD5: 47992b7fb1047c95b04c79436df96011
SHA1: 1368d1ceeaed6333753c4ae61188ccc320ea17e6
SHA256: 1c64a0eb0846e5c4c402130185362ed85952603ef2ee24c2466953f67b819e22
SHA512: cec52496b839be3f458d71a140ef7ded74ed158c64d1837dbc3622839d2fe5c762df253635bb94770ab9543708a898faf2a98c666d760347ad28207fad2db30b
SSDEEP: 384:y3xgWKN4ceDnFilRfDOzapvqsMtmkqVsd27roffpXRnXHURvD:2uNNeURf8a9zsd27yf0Rr
Score: 3/10

MITRE ATT&CK Enterprise v16
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)