562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8 | Triage

Submit
Reports

Overview

overview

Static

static

562f127b83...e8.exe

windows7-x64

562f127b83...e8.exe

windows10-2004-x64

7

Sharing

General

Target

562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8
Size

253KB
Sample

220725-fsw5nagbap
MD5

504095753fec8c61d54b4f5f6c1e3b1b
SHA1

97292439666f783373cdfc32c911daadc2f64650
SHA256

562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8
SHA512

52d5494d2e564ac62db419cf70735d9923b1641cb20482bf4529619651539cd3e8ca0ac6068418149e9947f905af270ce7df76909ecc38344c1f82d902a94345

Score

10^/10

discovery ransomware spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8.exe

Resource

win7-20220718-en

discovery ransomware spyware stealer suricata

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8.exe

Resource

win10v2004-20220721-en

windows10-2004-x64

2 signatures

150 seconds

Malware Config

Targets

- Target
  
  562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8
- Size
  
  253KB
- MD5
  
  504095753fec8c61d54b4f5f6c1e3b1b
- SHA1
  
  97292439666f783373cdfc32c911daadc2f64650
- SHA256
  
  562f127b835531599169a09bde0a87ecaea2fc56eb12746766c14dc6e607ade8
- SHA512
  
  52d5494d2e564ac62db419cf70735d9923b1641cb20482bf4529619651539cd3e8ca0ac6068418149e9947f905af270ce7df76909ecc38344c1f82d902a94345
Score

10^/10

discovery ransomware spyware stealer suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata: ET MALWARE Ransomware/Cerber Checkin 2
  suricata
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (9)
  suricata: ET MALWARE Ransomware/Cerber Checkin M3 (9)
  suricata
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Contacts a large (512) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Credentials in Files

Discovery

Network Service Scanning

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

discoveryransomwarespywarestealersuricata

behavioral2

© 2018-2024

Terms | Privacy