General

  • Target

    yhrtfweadqwa.exe

  • Size

    4.0MB

  • Sample

    220421-ytrknsdbbp

  • MD5

    9e5ab0afc9796bbed8ca5a2f683aae01

  • SHA1

    7063aaa1901e0ae659c32d33b866684d8282b0d7

  • SHA256

    648e092b2cea4d5640f151203911536056abcb6a16d0de391528e9bd8842b940

  • SHA512

    7e00d93ad0b2c54e2a6a86eec37bf654c580ecd68804fa3275fe3072db8eb9ecdcf06c4e01ac74907a631427a418c3a4160625c659fa5615c9ef47052a3dbf30

Targets

    • LoaderBot

      LoaderBot is a loader written in .NET that downloads and executes cryptocurrency miners.

    • suricata: ET MALWARE CerberTear Ransomware CnC Checkin

    • LoaderBot executable

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Drops startup file

    • Loads dropped DLL

    • Adds Run key to start application
