Overview

overview

10

Static

static

1

575a2d86b2...b4.exe

windows7-x64

10

575a2d86b2...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    575a2d86b2ce4748295486e6e23577115a3865c9599f2f10fd89d295da824cb4

  • Size

    268KB

  • Sample

    220724-27ttqscffk

  • MD5

    0680cff012a9f043fb831ab21244f7ee

  • SHA1

    017a0dd7d4e5ec693a3e20592957b46c3840b7fc

  • SHA256

    575a2d86b2ce4748295486e6e23577115a3865c9599f2f10fd89d295da824cb4

  • SHA512

    770d51eea1194d86882f9e28800a4e0d654ac083e49d5db32fb347ad6e722432be7acb4031468cdcbbe52ad7c90b81fbe3b751055a9a7ef6d8926faa563360f3

Score
10/10
discoveryransomwarespywarestealersuricata

Malware Config

Targets

    • Target

      575a2d86b2ce4748295486e6e23577115a3865c9599f2f10fd89d295da824cb4

    • Size

      268KB

    • MD5

      0680cff012a9f043fb831ab21244f7ee

    • SHA1

      017a0dd7d4e5ec693a3e20592957b46c3840b7fc

    • SHA256

      575a2d86b2ce4748295486e6e23577115a3865c9599f2f10fd89d295da824cb4

    • SHA512

      770d51eea1194d86882f9e28800a4e0d654ac083e49d5db32fb347ad6e722432be7acb4031468cdcbbe52ad7c90b81fbe3b751055a9a7ef6d8926faa563360f3

    Score
    10/10
    discoveryransomwarespywarestealersuricata

    • suricata: ET MALWARE Ransomware/Cerber Checkin 2

      suricata: ET MALWARE Ransomware/Cerber Checkin 2

      suricata

    • suricata: ET MALWARE Ransomware/Cerber Checkin M3 (15)

      suricata: ET MALWARE Ransomware/Cerber Checkin M3 (15)

      suricata

    • suricata: ET MALWARE Ransomware/Cerber Checkin M3 (8)

      suricata: ET MALWARE Ransomware/Cerber Checkin M3 (8)

      suricata

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Contacts a large (512) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Contacts a large (521) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

1
T1107

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Network Service Scanning

2
T1046

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Inhibit System Recovery

1
T1490

Defacement

1
T1491

Tasks