RansomHouse encryptor malware analysis — ShadowStackRE
Common Information
Type: Value
UUID: 5ab80926-30a9-4dc8-a7e6-fe24b03489e0
Fingerprint: bf0a9a13a6a906d0
Analysis status: DONE
Considered CTI value: 1
Text language:
Published: Feb. 20, 2024, midnight
Added to db: Aug. 31, 2024, 10:56 a.m.
Last updated: Nov. 12, 2024, 11:51 a.m.
Headline: RansomHouse Ransomware
Title: RansomHouse encryptor malware analysis — ShadowStackRE
Detected Hints/Tags/Attributes: 51/1/7
Attributes
Details Type #Events CTI Value
Details Domain 10
shadowstackre.com
Details Domain 18
opensource.org
Details File 140
files.txt
Details sha256 1
afe398e95a75beb4b0508c1bbf7268e8607d03776af0b68386d1e2058b374501
Details Url 1
https://www.virustotal.com/gui/file/afe398e95a75beb4b0508c1bbf7268e8607d03776af0b68386d1e2058b374501/details
Details Url 10
https://opensource.org/license/mit
Details Yara rule 1
rule RansomHouse {
	meta:
		description = "rule to detect RansomHouse"
		author = "ShadowStackRe.com"
		date = "2024-02-20"
		Rule_Version = "v1"
		malware_type = "ransomware"
		malware_family = "RansomHouse"
		License = "MIT License, https://opensource.org/license/mit/"
	strings:
		$strFileExt = ".emario"
		$strRestore = "How To Restore Your Files.txt"
		$strEncrypted = "/path/to/be/encrypted"
		$strCrypted = "Crypted:"
	condition:
		filesize < 100KB and all of ($str*)
}