0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77 | Triage

Submit
Reports

Overview

overview

Static

static

0203070e9b...77.exe

windows7_x64

0203070e9b...77.exe

windows10-2004_x64

Sharing

General

Target

0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77
Size

473KB
Sample

220523-verqcaffh9
MD5

2fef23803b3c3d6b3bab1d9525ca84cb
SHA1

60f48f81c1c48260fe705a67c3987a94ebbc3a68
SHA256

0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77
SHA512

2eaba8a5d94ca45c412b969a391edf8ae2e30f18eebd593c42f20d2255978fdd833ad74cae0256ca362ee4b2fbf783c214976f9724680179405c00a08f8c5e61

Score

10^/10

discovery ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77.exe

Resource

win7-20220414-en

discovery ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77.exe

Resource

win10v2004-20220414-en

discovery ransomware spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77
- Size
  
  473KB
- MD5
  
  2fef23803b3c3d6b3bab1d9525ca84cb
- SHA1
  
  60f48f81c1c48260fe705a67c3987a94ebbc3a68
- SHA256
  
  0203070e9b8d76e5aab491360a9c246024a00ee67c70e5e83f278d20d6910c77
- SHA512
  
  2eaba8a5d94ca45c412b969a391edf8ae2e30f18eebd593c42f20d2255978fdd833ad74cae0256ca362ee4b2fbf783c214976f9724680179405c00a08f8c5e61
Score

10^/10

discovery ransomware suricata spyware stealer
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (10)
  suricata: ET MALWARE Ransomware/Cerber Checkin M3 (10)
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Contacts a large (512) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (524) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Network Service Scanning

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

discoveryransomwaresuricata

behavioral2

discoveryransomwarespywarestealersuricata

© 2018-2024

Terms | Privacy