General

  • Target

    439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d.zip

  • Size

    10.0MB

  • Sample

    250701-jbvgaa1zat

  • MD5

    0739c5c628cd9827ad276fcdeab6866d

  • SHA1

    d35da3f4e36eebf36a130bc7e0182fc4c35cf551

  • SHA256

    439ff2060a600d666dafcf86f7ef8fea5ee0cca7e39521c986a3181d99ede61d

  • SHA512

    cbcc268a6ffd1d7da8454d9d19e5dadff2f6b82f7a24c71c600af9a1df43cd94c01189d5e6536058238ee3941cc263ba36b91bebb7cd9a46d2bc7a8af8975a8e

  • SSDEEP

    196608:E41NwEkT12Yfagn1Xii8ag+1LH7oChw7nyHcJQTUqFXPRmehiK1oCu4Wm1sSS:EaNwz26JRxn1oChw7ny8JnIpmecKuchU

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\CyberVolk_ReadMe.txt

Ransom Note

Greetings. All your files have been encrypted by CyberVolk ransomware. Please never try to recover your files without decryption key which I give you after pay. They could be disappeared... You should follow my words. Pay $1000 BTC to below address. My telegram : @hacker7 Our Team : https://t.me/cubervolk We always welcome you and your payment.

URLs

https://t.me/cubervolk

Targets

    • Target

      main.exe

    • Size

      1.5MB

    • MD5

      35815ae7affca262bcd6beabbdadebfd

    • SHA1

      a9c0b358729aa7b383535b3e36d9cd5a8cb3bfd0

    • SHA256

      60e2a4abcb80b43e6d2f04ea9a45a84b0a2fb0d238ae1a28eff6635527058362

    • SHA512

      edd4559c049ee1acb4208139c45db43ca9b20591cd97bacebef7e800ac92e8c84cc4050bf0ef9f6ffc18d84d40242f494f28da69ee4e0139a37fb69c7e97bef1

    • SSDEEP

      24576:TGuYQmUMWFV3QLXPOq9oVRHN2SSl7Ewf8JsU3Aot+Ec0xMkiqqIkFyBM2:quYQmUMqQLXPOqcUlgUqqIkFyBM2

    Score
    1/10
    • Target

      ransom.exe

    • Size

      7.8MB

    • MD5

      648bd793d9e54fc2741e0ba10980c7de

    • SHA1

      f5d0c94b2be91342dc01ecf2f89e7e6f21a74b90

    • SHA256

      102276ae1f518745695fe8f291bf6e69856b91723244881561bb1a2338d54b12

    • SHA512

      d1428b934a360d7f3651947d11081892c93c7cd29a17dc38190cbb46c95939928ac6f805adf586be2937e27fc20aec8bd1fc2c782c681e7e94e9e8d33b8ebf15

    • SSDEEP

      98304:9+v9K8MgmB4oIWcCJ3ZZVL8oYi5lTkZkmla1DXL:S4uWcCT9Gzl

    • Renames multiple (2780) files with added filename extension

      This is consistent with ransomware encrypting files across the system and appending a new extension to each one it touches.

    • Credentials from Password Stores: Windows Credential Manager

      Suspicious access to Credentials History.

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other profile data.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      key_gen/main.exe

    • Size

      1.5MB

    • MD5

      7eb6773d9638b1d263d834929ec60b0a

    • SHA1

      159e04e548929ea4a25d0e49577db437f2b91f6b

    • SHA256

      2bed83dc64f3163f6239c4e744285c2e4aebaf6720aef92ae2c3de17e1dee591

    • SHA512

      9f20f69baba59e5b54ca64dac8646a829f8123153879320d51e54829ff614b1c4db0ea527e712c2abab5ce15d080d9d6343632cdf50f0090b1cd6ba45cfb84e1

    • SSDEEP

      24576:nGuYQmUMWFV3QLXPOq9oVRHN2SSl7Ewf8JsU3Aot+Ec0xMkiqqIkFyBM2:GuYQmUMqQLXPOqcUlgUqqIkFyBM2

    Score
    1/10
    • Target

      key_gen/ransom.exe

    • Size

      6.4MB

    • MD5

      38fb9ac2e51d04182faf81afbef08ab8

    • SHA1

      1f325950a7a8e1a2050e954f33d2c3774510bd6e

    • SHA256

      1363c8871061ff83ed3dd0fe025b274442d5c30898c02bdfd4981717f4f33b44

    • SHA512

      8af5062d6d133379b0ad87439cdf99fc98bff266f03c0a831f84c0c41224c7a97e8e0a5583e8d4b24c04edd0bc6099646ebea3388ffe2fe7917b709604e63406

    • SSDEEP

      6144:iODh8y70MgJ+j2ZsKmj82uGBOOGHO0GL2g6VzxazESJx2sYMLoI4H4voKJ+QtDeJ:ik70MZMc0RdQtzH8lhwFbZgaOm

    Score
    9/10
    • Renames multiple (181) files with added filename extension

      This is consistent with ransomware encrypting files across the system and appending a new extension to each one it touches.

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      ransom/Release/ransom.exe

    • Size

      6.4MB

    • MD5

      626fab8275d8d8e841bc9a08b208201e

    • SHA1

      197d5c9c5cbf53ed3e78d53a008b6ad665fa3e4c

    • SHA256

      e26db13a9660555448acb7591f382b480b0252d19e3ad6c6678ba5e1f03d6458

    • SHA512

      e106cf78731d9a8e75b5e76ecf881bb12262f13b05b805e89f3bede061a4a1ebb738d7a7631fb51801d95717ca34dabb12f7ed4826e6812ceadb0bad98fcb0d0

    • SSDEEP

      6144:o3j7hJkMepmEfZsVOM7pNbDMuoKJ+QtDeQYizHMTlaw81FRx3JmfBcOmg:o3nkMS2R6RdQtzH8lhwFbZgaOm

    Score
    6/10
    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

    • Target

      ransom/ransom/Crypto/RSA/bigdigits.cpp

    • Size

      63KB

    • MD5

      3e0a3f373f4a2d3d3f1bfedd9664e025

    • SHA1

      db2d1b3b8a7837c3885ec2847ec3e2ea25466377

    • SHA256

      99abd8ecbb4065d298f538e37f0add1a74a220e408f9c9ff04dac1818c36b68a

    • SHA512

      b2dbf5240b4bba4fce26bfd516470215cef30c5aaea89506617631f2c1e9ca72f822fd97b0750eaceaf8a453dc076ea5e0d3b13bfa0b9beab30031719fb8040e

    • SSDEEP

      768:saW+6Rog0y0Rsj3wGtqyNtkmn/geq4a5jkfOAPeuZ5bEWXKX+i/:sSg0ZRsJfNgpplA8X+Y

    Score
    1/10
    • Target

      ransom/ransom/Cryptographic.cpp

    • Size

      14KB

    • MD5

      49e7da650f02da4ebfaa7fc4d3a8f1be

    • SHA1

      d340e503066bda995221d8bbd53dd24f50caf79e

    • SHA256

      bacbd17dcbc437e29dd1e32877490d4832449de9a80821601a346ab0c483fc63

    • SHA512

      cc632ab77f0308c008b74d9260af6dcb3ffb37644bcdac3c2bbcc1f5faf7292113bc41ed883ff6228855ce5ea6cec6ab3841710cced78a4e6ed6cd3ef27eabbf

    • SSDEEP

      192:+jMQG6FbhB4BxpLU7UIoUhRW+06Riepc8B7LRipLsSIi/DT0fLwi8A705Bo8RM+V:EFbh2B3GoX6Riepck8R9geUqt

    Score
    3/10
    • Target

      ransom/ransom/ransom.cpp

    • Size

      21KB

    • MD5

      47992b7fb1047c95b04c79436df96011

    • SHA1

      1368d1ceeaed6333753c4ae61188ccc320ea17e6

    • SHA256

      1c64a0eb0846e5c4c402130185362ed85952603ef2ee24c2466953f67b819e22

    • SHA512

      cec52496b839be3f458d71a140ef7ded74ed158c64d1837dbc3622839d2fe5c762df253635bb94770ab9543708a898faf2a98c666d760347ad28207fad2db30b

    • SSDEEP

      384:y3xgWKN4ceDnFilRfDOzapvqsMtmkqVsd27roffpXRnXHURvD:2uNNeURf8a9zsd27yf0Rr

    Score
    3/10
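
The signatures fired on ransom.exe and key_gen/ransom.exe above (a burst of files renamed with an added extension, a dropped ransom note, reads of drive roots other than C:) are the kind of behaviour a sandbox or EDR scores from file-system events, and the extracted ransom note in the Malware Config section is where contact IOCs come from. The script below is an added example, not code from this report, from the sandbox, or from the CyberVolk sample, that reproduces those checks over a constructed event list: the event tuples, the paths and the ".cvolk" extension are assumptions made for illustration (the report does not state which extension the sample appends); the only data taken from the report is the ransom-note path and text.

```python
"""Added example: re-implement the report's behavioural signatures over
constructed sandbox-style file events, and pull contact IOCs from the
ransom note quoted in the report.  Not code from the report or the sample."""
import re
from collections import Counter

# Constructed sample events as (op, src, dst).  Paths and the ".cvolk"
# extension are assumptions; only the ransom-note path comes from the report.
EVENTS = [
    ("rename", r"C:\Users\Admin\Documents\budget.xlsx", r"C:\Users\Admin\Documents\budget.xlsx.cvolk"),
    ("rename", r"C:\Users\Admin\Documents\notes.txt", r"C:\Users\Admin\Documents\notes.txt.cvolk"),
    ("rename", r"C:\Users\Admin\Pictures\holiday.jpg", r"C:\Users\Admin\Pictures\holiday.jpg.cvolk"),
    ("rename", r"C:\Users\Admin\Desktop\contract.pdf", r"C:\Users\Admin\Desktop\contract.pdf.cvolk"),
    ("rename", r"D:\backups\db.bak", r"D:\backups\db.bak.cvolk"),
    ("rename", r"D:\backups\site.zip", r"D:\backups\site.zip.cvolk"),
    ("rename", r"C:\Users\Admin\Documents\report.docx", r"C:\Users\Admin\Documents\report_final.docx"),  # benign
    ("rename", r"C:\Users\Admin\Documents\old.txt", r"C:\Users\Admin\Documents\old.txt.bak"),  # single .bak, below threshold
    ("read", "D:\\", ""),   # root of a non-system drive
    ("read", "E:\\", ""),
    ("write", r"C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\Cache\CyberVolk_ReadMe.txt", ""),
    ("write", r"C:\Users\Admin\Desktop\desktop.ini", ""),
]

# Ransom note text as quoted in the report's Malware Config section.
NOTE_TEXT = (
    "Greetings. All your files have been encrypted by CyberVolk ransomware. "
    "Please never try to recover your files without decryption key which I give you after pay. "
    "They could be disappeared... You should follow my words. Pay $1000 BTC to below address. "
    "My telegram : @hacker7 Our Team : https://t.me/cubervolk We always welcome you and your payment."
)

APPENDED_EXT = re.compile(r"\.[A-Za-z0-9_]{1,16}")
NOTE_NAME = re.compile(r"(readme|read_me|decrypt|recover|restore|how.?to).*\.(txt|html?|hta)$", re.I)
DRIVE_ROOT = re.compile(r"[A-Za-z]:\\")


def appended_extension(src, dst):
    """Return the extension appended to src to form dst, or None for any other rename."""
    if dst.startswith(src) and len(dst) > len(src):
        suffix = dst[len(src):]
        if APPENDED_EXT.fullmatch(suffix):
            return suffix.lower()
    return None


def rename_bursts(events, threshold=5):
    """Count renames that only append an extension; keep extensions seen at least `threshold` times.
    The threshold separates mass encryption from the odd foo -> foo.bak rename."""
    counts = Counter()
    for op, src, dst in events:
        if op == "rename":
            ext = appended_extension(src, dst)
            if ext:
                counts[ext] += 1
    return {ext: n for ext, n in counts.items() if n >= threshold}


def ransom_notes(events):
    """Paths of written files whose basename looks like a ransom note."""
    return [src for op, src, _ in events
            if op == "write" and NOTE_NAME.search(src.rsplit("\\", 1)[-1])]


def non_system_drive_reads(events):
    """Drive roots other than C:\\ that were read (the 'Enumerates connected drives' signature)."""
    return sorted({src for op, src, _ in events
                   if op == "read" and DRIVE_ROOT.fullmatch(src) and src.upper() != "C:\\"})


def extract_contacts(text):
    """Pull Telegram handles, URLs and Bitcoin addresses (legacy and bech32) from a note."""
    return {
        "telegram": re.findall(r"(?<![\w/])@\w{3,32}", text),
        "urls": [u.rstrip(".,;)") for u in re.findall(r"https?://\S+", text)],
        "btc": re.findall(r"\b(?:bc1[a-z0-9]{25,59}|[13][a-km-zA-HJ-NP-Z1-9]{25,34})\b", text),
    }


def analyze(events, threshold=5):
    """Combine the three signatures into a verdict the way a sandbox scorer would."""
    bursts = rename_bursts(events, threshold)
    notes = ransom_notes(events)
    drives = non_system_drive_reads(events)
    return {
        "rename_bursts": bursts,
        "ransom_notes": notes,
        "drive_reads": drives,
        "verdict": "ransomware-like" if bursts and notes else "inconclusive",
    }


if __name__ == "__main__":
    print(analyze(EVENTS))
    print(extract_contacts(NOTE_TEXT))
```

Two practitioner notes. The benign `report.docx -> report_final.docx` rename and the single `.bak` rename are deliberately in the sample: the signature only means something when the appended extension repeats across many files, which is why the report quotes counts (2780 and 181) rather than a single event. And `extract_contacts` returns an empty `btc` list for this note even though the text says "Pay $1000 BTC to below address": the captured note carries no wallet, so an IOC feed built from it should record only the Telegram handle and the t.me URL.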

MITRE ATT&CK Enterprise v16

Tasks