01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6 | Triage

Submit
Reports

Overview

overview

Static

static

01da9c63f9...f6.exe

windows7_x64

01da9c63f9...f6.exe

windows10-2004_x64

Sharing

General

Target

01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6
Size

274KB
Sample

220523-v88kyscdhq
MD5

1871068c7c46fa590774e55dc48f5c01
SHA1

6404f22112a9649cf48043907670d496446c3ad0
SHA256

01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6
SHA512

0655eda913675831b59e6d3bda200e48b6aba479ab2c281d6f3980309fd892a9abab5084cab3425a327f4482512cd2a3c308b6bbcd1fd50c554d983ed3c8ec42

Score

10^/10

discovery ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6.exe

Resource

win7-20220414-en

discovery ransomware spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6.exe

Resource

win10v2004-20220414-en

discovery ransomware spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6
- Size
  
  274KB
- MD5
  
  1871068c7c46fa590774e55dc48f5c01
- SHA1
  
  6404f22112a9649cf48043907670d496446c3ad0
- SHA256
  
  01da9c63f98e7797e7b9c2c67cac2ea338a05a3cdae968f27667ec8f778507f6
- SHA512
  
  0655eda913675831b59e6d3bda200e48b6aba479ab2c281d6f3980309fd892a9abab5084cab3425a327f4482512cd2a3c308b6bbcd1fd50c554d983ed3c8ec42
Score

10^/10

discovery ransomware spyware stealer suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (16)
  suricata: ET MALWARE Ransomware/Cerber Checkin M3 (16)
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Contacts a large (512) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (523) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryransomwarespywarestealersuricata

behavioral2

discoveryransomwarespywarestealersuricata

© 2018-2024

Terms | Privacy