d01226b2f65505ea6fd98deaa92f3d48e50457e0264e4c636b71d53001eee048 | Triage

Submit
Reports

Overview

overview

Static

static

ReadMe.cmd

windows10-2004-x64

Sharing

General

Target

ReadMe.cmd
Size

18KB
Sample

220725-bcqwgsgdfl
MD5

9604df2bffd72ef6202287cf4f00ba9e
SHA1

a4e5f57b19e3afe88843dd1a41cdd1eee82f0fee
SHA256

d01226b2f65505ea6fd98deaa92f3d48e50457e0264e4c636b71d53001eee048
SHA512

d5c09ed8fac89aafb2f7b28732c802c88ac005437213633a671d79c0250ec662e46c96ed1b13312546d775b10e9885a16222cd8e379b516b5b2c4496e653ef58

Score

10^/10

persistence ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

ReadMe.cmd

Resource

win10v2004-20220721-en

persistence ransomware spyware stealer suricata

windows10-2004-x64

22 signatures

300 seconds

Malware Config

Targets

- Target
  
  ReadMe.cmd
- Size
  
  18KB
- MD5
  
  9604df2bffd72ef6202287cf4f00ba9e
- SHA1
  
  a4e5f57b19e3afe88843dd1a41cdd1eee82f0fee
- SHA256
  
  d01226b2f65505ea6fd98deaa92f3d48e50457e0264e4c636b71d53001eee048
- SHA512
  
  d5c09ed8fac89aafb2f7b28732c802c88ac005437213633a671d79c0250ec662e46c96ed1b13312546d775b10e9885a16222cd8e379b516b5b2c4496e653ef58
Score

10^/10

persistence ransomware spyware stealer suricata
- suricata: ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND
  suricata: ET MALWARE Windows TaskList Microsoft Windows DOS prompt command exit OUTBOUND
  suricata
- Blocklisted process makes network request
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Web Service

Credential Access

Credentials in Files

Discovery

Process Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

persistenceransomwarespywarestealersuricata

© 2018-2024

Terms | Privacy