5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1 | Triage

Submit
Reports

Overview

overview

Static

static

1

5668e6a044...a1.exe

windows7-x64

5668e6a044...a1.exe

windows10-2004-x64

Sharing

General

Target

5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1
Size

211KB
Sample

220725-d2rkesdafq
MD5

3c9c3f967aafcae7e3831205a0118b9e
SHA1

1bd361aefbd04b84c48937a14b5318806897e4a5
SHA256

5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1
SHA512

165d4c457ca5a7a82c77ca3c98c42b76eb13cd4374c11a5895013b64c315ecefdd78dd978a16f0daac28289d21d2079629233f664849ef71e7284b783fe255ec

Score

10^/10

discovery ransomware spyware stealer suricata

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1.exe

Resource

win7-20220718-en

discovery ransomware spyware stealer suricata

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1.exe

Resource

win10v2004-20220721-en

discovery ransomware spyware stealer suricata

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1
- Size
  
  211KB
- MD5
  
  3c9c3f967aafcae7e3831205a0118b9e
- SHA1
  
  1bd361aefbd04b84c48937a14b5318806897e4a5
- SHA256
  
  5668e6a044b5982f1c2e542dc6cbdb065c35bf0555cc684e374004ac67ba23a1
- SHA512
  
  165d4c457ca5a7a82c77ca3c98c42b76eb13cd4374c11a5895013b64c315ecefdd78dd978a16f0daac28289d21d2079629233f664849ef71e7284b783fe255ec
Score

10^/10

discovery ransomware spyware stealer suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Contacts a large (512) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Contacts a large (525) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Credential Access

Credentials in Files

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryransomwarespywarestealersuricata

behavioral2

discoveryransomwarespywarestealersuricata

© 2018-2024

Terms | Privacy