DoppelPaymer | Threat Level: critical | Type: Ransomware

Cryptographic Identifiers

SHA25660ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103
MD5d9323030a956da910890de94d0b590ab
File Typeexe
Size3644.0 KB
First Seen2020-09-09
File Name60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103
TagsDoppelpaymer, Dridex, Ransomware

Malware Family: DoppelPaymer

DoppelPaymer, Evil Corp ile bağlantılıdır.

TypeRansomware
Programming LanguageC++
Target PlatformWindows
C2 Protocol
PurposeEvil Corp ransomware
First Seen Year2019

Threat Indicators (IOC)

  • SHA256: 60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103
  • MD5: d9323030a956da910890de94d0b590ab

You can verify all hash values of this sample on VirusTotal.

System Cleanup Guide

  1. Sistemi ağdan DERHAL ayırın — diğer cihazlara yayılmayı durdurun
  2. Do not pay the ransom — there is no guarantee your files will be restored
  3. Quarantine the affected drives
  4. Kullanılan fidye yazılımı ailesini belirleyin (nomoreransom.org)
  5. Try available decryptor tools (the NoMoreRansom project)
  6. Report the incident to the authorities (cybercrime unit)
  7. Temiz bir yedekten kurtarın; yedeğiniz yoksa sürücüyü saklayın

YARA Rule Hints

rule DoppelPaymer_SHA256 {
    meta:
        description = "DoppelPaymer sample: 60ab87df9a77924e"
        threat_level = "critical"
        first_seen = "2020-09-09"
    condition:
        hash.sha256(0, filesize) == "60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103"
}

DoppelPaymer — Malware Profile

DoppelPaymer, Evil Corp ile bağlantılıdır.

Malware Type
Ransomware
Programming Language
C++
C2 Protocol
Target Systems
Windows

Capabilities & Behavior

Dosya Şifreleme (AES/RSA)
Gölge Kopya Silme
Yedek Kaldırma
Fidye Notu Oluşturma
Kalıcılık Sağlama
Ağ Paylaşımı Şifreleme
Anti-Analiz Teknikleri
Çift Gasp (Data Leak)

IOC List (2 indicators)

IOC — DoppelPaymer
# SHA256 60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103 # MD5 d9323030a956da910890de94d0b590ab
TypeValueNote
sha256 60ab87df9a77924e9f12484fa94f63fa4bb4c646072cf4b002492f59b1ee0103 Sample:DoppelPaymer
md5 d9323030a956da910890de94d0b590ab Sample:DoppelPaymer
Tags
doppelpaymerransomwaremalwarecriticalsha256hash-analizi