General

  • Target

    56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb

  • Size

    261KB

  • Sample

    220725-b2frtahfbk

  • MD5

    143f1e1c988be32c56b6f3d8544a4e3c

  • SHA1

    b1f558b4b7c77e934ab9bb3257f5256457ca43ae

  • SHA256

    56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb

  • SHA512

    97892c773e998253277a0a388665d8c84cac6e9d4f487b7b84e06b488112e288638d91721079ca6321491562534c54671ce8369e63ad8c5fe80a9d461a80090e

Malware Config

Targets

    • Target

      56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb

    • Size

      261KB

    • MD5

      143f1e1c988be32c56b6f3d8544a4e3c

    • SHA1

      b1f558b4b7c77e934ab9bb3257f5256457ca43ae

    • SHA256

      56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb

    • SHA512

      97892c773e998253277a0a388665d8c84cac6e9d4f487b7b84e06b488112e288638d91721079ca6321491562534c54671ce8369e63ad8c5fe80a9d461a80090e

    • suricata: ET MALWARE Ransomware/Cerber Checkin 2

      suricata: ET MALWARE Ransomware/Cerber Checkin 2

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Contacts a large (512) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Contacts a large (525) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks