Helldown, DoNex & Darktrace Ransomware
Common Information
Type Value
UUID 4a249799-511a-4df6-8e2f-da391270f450
Fingerprint 6524a0e37476464f
Analysis status DONE
Considered CTI value 2
Text language
Published Nov. 27, 2024, 7:22 p.m.
Added to db Nov. 27, 2024, 8:35 p.m.
Last updated Dec. 11, 2024, 1:21 a.m.
Headline Helldown, DoNex & Darktrace Ransomware
Title Helldown, DoNex & Darktrace Ransomware
Detected Hints/Tags/Attributes 26/1/36
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 167 Cybersecurity on Medium https://medium.com/feed/tag/cybersecurity 2024-08-30 22:08
Details 171 Malware on Medium https://medium.com/feed/tag/malware 2024-08-30 22:08
Attributes
Details Type #Events CTI Value