General
-
Target
01dace0158978bb8672459d3012ded3b5dbb3d9504f16507381598e783ee0c34
-
Size
263KB
-
Sample
220523-v84l1acdhm
-
MD5
81deb3b71b3f44659347350f6d39dd05
-
SHA1
c4c1a407b6d2596bf55f352e2d013fe985e62990
-
SHA256
01dace0158978bb8672459d3012ded3b5dbb3d9504f16507381598e783ee0c34
-
SHA512
fd8e19458754cf11522b9811b07ebbbec4da12ec9ec056df2d8de771fb96cce0b169de8dd0a4443296dd467f0b2063fe837e961fc4bec83e0b800021caff408f
Static task
static1
Behavioral task
behavioral1
Sample
01dace0158978bb8672459d3012ded3b5dbb3d9504f16507381598e783ee0c34.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
01dace0158978bb8672459d3012ded3b5dbb3d9504f16507381598e783ee0c34.exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
Target
01dace0158978bb8672459d3012ded3b5dbb3d9504f16507381598e783ee0c34
-
Modifies visibility of hidden/system files in Explorer
-
suricata: ET MALWARE Ransomware/Cerber Checkin 2
-
Modifies boot configuration data using bcdedit
-
Adds policy Run key to start application
-
Contacts a large (514) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (526) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-