General

Target: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f
Size: 149KB
Sample: 220725-at5wasfecm
MD5: 1d864d76040af03041850d855b3b4430
SHA1: 136ffd632fde395f42db66d698ebd03c105ed78f
SHA256: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f
SHA512: 96ea45088713a4149cfb96034637d405ad78abba6d6332b3459fecc649e2fcdcfa0bee6acfeb8cd971bec88d2c2cd80ee4e6656d95ad95542c25f2f0c9232721

Static task: static1

Behavioral task: behavioral1
Sample: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f.exe
Resource: win7-20220718-en

Behavioral task: behavioral2
Sample: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f.exe
Resource: win10v2004-20220721-en
Malware Config

Targets

Target: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f
Size: 149KB
MD5: 1d864d76040af03041850d855b3b4430
SHA1: 136ffd632fde395f42db66d698ebd03c105ed78f
SHA256: 5729b6172d5b65e39eefa0466fb7ab63eeda116e82250bcd4755e55dc932f34f
SHA512: 96ea45088713a4149cfb96034637d405ad78abba6d6332b3459fecc649e2fcdcfa0bee6acfeb8cd971bec88d2c2cd80ee4e6656d95ad95542c25f2f0c9232721
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (10)
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (2)
- Contacts a large (16386) number of remote hosts
  This may indicate a network scan to discover remotely running services.
- Contacts a large (16396) number of remote hosts
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows
  This may indicate a network scan to discover remotely running services.
- Modifies boot configuration data using bcdedit
- Adds policy Run key to start application
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely for geofencing.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Modifies file permissions
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
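The network signatures above (three Suricata "ET MALWARE Ransomware/Cerber Checkin" hits, roughly 16,400 remote hosts contacted, and a large number of flows) are most useful when correlated per source host rather than read one at a time. The following is an added example of that correlation over eve.json-style Suricata records; it is not part of this report or of any Suricata rule set. The input lines are constructed for the example: the reported host count is close to 16384 (2^14, a /18), so the constructed infected host sends one UDP flow to every address in 198.18.0.0/18, and the `host_threshold` of 1000 is an assumption to be tuned to the normal fan-out of hosts on your network.

```python
"""Correlate Suricata 'ET MALWARE Ransomware/Cerber Checkin' alerts with a
sweep of thousands of destinations from the same source, the combination the
report above records. Input is eve.json-style lines; the ones used here are
constructed for this example, not taken from the sandbox."""
import ipaddress
import json
from collections import defaultdict

CERBER_SIG = "ET MALWARE Ransomware/Cerber Checkin"


def build_sample_eve_lines():
    """Constructed eve.json lines: one infected host sweeping a /18, one quiet host."""
    recs = []
    bad, good = "10.0.0.25", "10.0.0.7"
    for sig in (CERBER_SIG + " 2", CERBER_SIG + " M3 (10)", CERBER_SIG + " M3 (2)"):
        recs.append({"event_type": "alert", "src_ip": bad, "dest_ip": "203.0.113.10",
                     "proto": "UDP", "alert": {"signature": sig}})
    # Assumed sweep shape: one UDP flow to every address in 198.18.0.0/18
    # (16384 addresses, the order of magnitude the sandbox reported).
    for ip in ipaddress.ip_network("198.18.0.0/18"):
        recs.append({"event_type": "flow", "src_ip": bad, "dest_ip": str(ip), "proto": "UDP"})
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):  # ordinary fan-out
        recs.append({"event_type": "flow", "src_ip": good, "dest_ip": ip, "proto": "TCP"})
    return [json.dumps(r) for r in recs]


def summarise(lines):
    """Per source IP: distinct destinations, flow count, Cerber signatures seen."""
    dests, flows, sigs = defaultdict(set), defaultdict(int), defaultdict(set)
    for line in lines:
        ev = json.loads(line)
        src = ev.get("src_ip")
        if ev.get("event_type") == "flow":
            dests[src].add(ev["dest_ip"])
            flows[src] += 1
        elif ev.get("event_type") == "alert":
            sig = ev.get("alert", {}).get("signature", "")
            if sig.startswith(CERBER_SIG):
                sigs[src].add(sig)
    return dests, flows, sigs


def swept_prefixes(dest_ips):
    """Collapse the destination set into CIDR blocks: a single large block means
    a contiguous range sweep rather than scattered C2 traffic."""
    nets = (ipaddress.ip_network(ip) for ip in dest_ips)  # each host becomes a /32
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def classify(lines, host_threshold=1000):
    """Verdict per source. host_threshold is an assumption; tune it locally."""
    dests, flows, sigs = summarise(lines)
    verdicts = {}
    for src in set(dests) | set(sigs):
        sweep = len(dests[src]) >= host_threshold
        if sweep and sigs[src]:
            verdicts[src] = "cerber-checkin-with-sweep"
        elif sweep:
            verdicts[src] = "possible-scan"
        elif sigs[src]:
            verdicts[src] = "cerber-checkin"
        else:
            verdicts[src] = "no-finding"
    return verdicts


if __name__ == "__main__":
    lines = build_sample_eve_lines()
    dests, flows, sigs = summarise(lines)
    for src, verdict in sorted(classify(lines).items()):
        print(src, verdict, len(dests[src]), "hosts,", flows[src], "flows,",
              "prefixes:", swept_prefixes(dests[src]))
```

Run it as a script to see the per-host verdicts; to use it on real data, feed `classify` the lines of Suricata's eve.json (flow and alert event types must both be enabled in the output configuration). The collapse step is the check that separates a range sweep from a noisy but legitimate host: a sweep collapses to one or a few large prefixes, while ordinary traffic stays as many /32s.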
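The host-side behaviours in the list (bcdedit changes, Run key and policy Run key, dropped startup file, executing and loading dropped files, external IP lookup) map directly onto Sysmon event types, so they can be checked on an endpoint without a sandbox. The following is an added example of that check; it is not the sandbox's own signature logic and not code from the page. The events are constructed Sysmon-style records (EventID 1 process create, 3 network connect, 7 image load, 11 file create, 13 registry value set) using real Sysmon field names; the file paths, SID, bcdedit switches and the `IP_LOOKUP_HOSTS` list are assumptions made for the example. "Checks computer location settings" is a registry read and is not covered, since Sysmon does not log registry reads.

```python
"""Host-side checks for the behaviours listed in the report above, run over
constructed Sysmon-style events (not the sandbox's output)."""
import re
from collections import defaultdict

# Assumed set of public IP-lookup services; extend it for your environment.
IP_LOOKUP_HOSTS = {"api.ipify.org", "ipinfo.io", "checkip.dyndns.org", "icanhazip.com"}
RUN_KEY = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run\\", re.I)
POLICY_RUN_KEY = re.compile(r"\\CurrentVersion\\Policies\\Explorer\\Run\\", re.I)
STARTUP_DIR = re.compile(r"\\Start Menu\\Programs\\Startup\\", re.I)
# bcdedit switches that disable Windows recovery; the sample command lines below are constructed.
BCDEDIT_TAMPER = re.compile(r"recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures", re.I)

DROP = r"C:\Users\victim\AppData\Roaming\cfg\svchost.exe"          # constructed path
HIVE = r"HKU\S-1-5-21-1111111111-2222222222-3333333333-1001"       # constructed SID

SAMPLE_EVENTS = [  # constructed, in time order
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\sample.exe", "TargetFilename": DROP},
    {"EventID": 11, "Image": r"C:\Users\victim\Desktop\sample.exe",
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\cfg\helper.dll"},
    {"EventID": 1, "Image": DROP, "ParentImage": r"C:\Users\victim\Desktop\sample.exe",
     "CommandLine": f'"{DROP}"'},
    {"EventID": 7, "Image": DROP, "ImageLoaded": r"C:\Users\victim\AppData\Roaming\cfg\helper.dll"},
    {"EventID": 13, "Image": DROP,
     "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Run\cfg"},
    {"EventID": 13, "Image": DROP,
     "TargetObject": HIVE + r"\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cfg"},
    {"EventID": 11, "Image": DROP,
     "TargetFilename": r"C:\Users\victim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cfg.lnk"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe", "ParentImage": DROP,
     "CommandLine": "bcdedit /set {default} recoveryenabled no"},
    {"EventID": 1, "Image": r"C:\Windows\System32\bcdedit.exe", "ParentImage": DROP,
     "CommandLine": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"EventID": 3, "Image": DROP, "DestinationHostname": "api.ipify.org", "DestinationPort": 80},
    {"EventID": 1, "Image": r"C:\Windows\System32\notepad.exe",  # benign noise
     "ParentImage": r"C:\Windows\explorer.exe", "CommandLine": "notepad.exe"},
]


def detect(events):
    """Map each matched behaviour to the evidence that triggered it."""
    findings = defaultdict(list)
    dropped = set()  # lower-cased paths of files written earlier in the stream
    for ev in events:
        eid = ev["EventID"]
        if eid == 11:
            path = ev["TargetFilename"]
            dropped.add(path.lower())
            if STARTUP_DIR.search(path):
                findings["drops-startup-file"].append(path)
        elif eid == 1:
            image, cmd = ev["Image"], ev.get("CommandLine", "")
            if image.lower() in dropped:                       # file written, then run
                findings["executes-dropped-exe"].append(image)
            if image.lower().endswith("\\bcdedit.exe") and BCDEDIT_TAMPER.search(cmd):
                findings["modifies-boot-config"].append(cmd)
        elif eid == 7:
            if ev["ImageLoaded"].lower() in dropped:           # file written, then loaded
                findings["loads-dropped-dll"].append(ev["ImageLoaded"])
        elif eid == 13:
            target = ev["TargetObject"]
            if POLICY_RUN_KEY.search(target):
                findings["adds-policy-run-key"].append(target)
            elif RUN_KEY.search(target):
                findings["adds-run-key"].append(target)
        elif eid == 3:
            host = ev.get("DestinationHostname", "").lower()
            if host in IP_LOOKUP_HOSTS:
                findings["external-ip-lookup"].append(host)
    return dict(findings)


def triage(events, min_behaviours=3):
    """Rough verdict: several of these behaviours together form a ransomware
    staging pattern; min_behaviours is an assumption to tune locally."""
    found = detect(events)
    return ("suspicious" if len(found) >= min_behaviours else "clean"), sorted(found)


if __name__ == "__main__":
    verdict, tags = triage(SAMPLE_EVENTS)
    print(verdict, tags)
    for tag, evidence in detect(SAMPLE_EVENTS).items():
        print(f"  {tag}: {evidence}")
```

The ordering dependence is deliberate: "executes dropped EXE" and "loads dropped DLL" only fire when the file-create event precedes the process-create or image-load event, which is what makes them stronger signals than a bare execution from a user-writable directory. The policy Run key check is evaluated before the plain Run key check so each registry write is reported once, under the more specific behaviour.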