General
-
Target
56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb
-
Size
261KB
-
Sample
220725-b2frtahfbk
-
MD5
143f1e1c988be32c56b6f3d8544a4e3c
-
SHA1
b1f558b4b7c77e934ab9bb3257f5256457ca43ae
-
SHA256
56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb
-
SHA512
97892c773e998253277a0a388665d8c84cac6e9d4f487b7b84e06b488112e288638d91721079ca6321491562534c54671ce8369e63ad8c5fe80a9d461a80090e
Malware Config
Targets
-
-
Target
56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb
-
Size
261KB
-
MD5
143f1e1c988be32c56b6f3d8544a4e3c
-
SHA1
b1f558b4b7c77e934ab9bb3257f5256457ca43ae
-
SHA256
56cea55f1b3c776895f6fc2097abbd48685b13e120adb1b2f8349405313081bb
-
SHA512
97892c773e998253277a0a388665d8c84cac6e9d4f487b7b84e06b488112e288638d91721079ca6321491562534c54671ce8369e63ad8c5fe80a9d461a80090e
Score10/10-
suricata: ET MALWARE Ransomware/Cerber Checkin 2
suricata: ET MALWARE Ransomware/Cerber Checkin 2
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Contacts a large (512) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large (525) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Suspicious use of SetThreadContext
-