General

  • Target

    55eaba372a17bab0c6f117b4f4ccafa813d858e615ad60e9d7791ba9b21bc57e

  • Size

    284KB

  • Sample

    220725-g75k1safer

  • MD5

    0744c2a7e057543392d2f9c59e567807

  • SHA1

    5da843a9a2bb2e1f5bed98ee1359c2312418d5e2

  • SHA256

    55eaba372a17bab0c6f117b4f4ccafa813d858e615ad60e9d7791ba9b21bc57e

  • SHA512

    b425ff52aed08d8627e33a4ae1799d132de6b92a977665b70f1d22548ecca8a311665f3a9b0c738291219f3f767cd050a78818036773f199223f2cb6ae7010c2

Malware Config

Targets

    • Target

      55eaba372a17bab0c6f117b4f4ccafa813d858e615ad60e9d7791ba9b21bc57e

    • Size

      284KB

    • MD5

      0744c2a7e057543392d2f9c59e567807

    • SHA1

      5da843a9a2bb2e1f5bed98ee1359c2312418d5e2

    • SHA256

      55eaba372a17bab0c6f117b4f4ccafa813d858e615ad60e9d7791ba9b21bc57e

    • SHA512

      b425ff52aed08d8627e33a4ae1799d132de6b92a977665b70f1d22548ecca8a311665f3a9b0c738291219f3f767cd050a78818036773f199223f2cb6ae7010c2

    • suricata: ET MALWARE Ransomware/Cerber Checkin 2

    • suricata: ET MALWARE Ransomware/Cerber Checkin M3 (9)

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Contacts a large (512) number of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during the run.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect execution in a hollowed or injected process.
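
The signatures above describe observed behaviour; the following Python checks, added here as an example and not part of this report or of any sandbox's own code, implement three of them over constructed Sysmon-style events: shadow-copy deletion (T1490), distinct-remote-host fan-out (T1046), and mass extension changes on user files. The command-line patterns, the thresholds other than the 512-host count taken from the report, and the sample events are assumptions made for the example.

```python
import ntpath
import re

# Command lines commonly used to destroy backups and recovery points (T1490 /
# "Deletes shadow copies"). These patterns are an assumption about common
# tooling, not strings extracted from this sample.
SHADOW_COPY_PATTERNS = [
    re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I),
    re.compile(r"vssadmin(\.exe)?\s+resize\s+shadowstorage.*/maxsize=", re.I),
    re.compile(r"wmic(\.exe)?\s+shadowcopy\s+delete", re.I),
    re.compile(r"win32_shadowcopy.*\.delete\(\)", re.I),
    re.compile(r"bcdedit(\.exe)?\s+.*recoveryenabled\s+no", re.I),
    re.compile(r"wbadmin(\.exe)?\s+delete\s+catalog", re.I),
]


def is_shadow_copy_deletion(cmdline):
    """True if a process command line matches a known recovery-inhibition pattern."""
    return any(p.search(cmdline) for p in SHADOW_COPY_PATTERNS)


def distinct_remote_hosts(net_events):
    """Map pid -> number of distinct destination hosts it contacted (T1046 fan-out)."""
    hosts = {}
    for ev in net_events:
        hosts.setdefault(ev["pid"], set()).add(ev["dst"])
    return {pid: len(dsts) for pid, dsts in hosts.items()}


def extension_change_ratio(rename_events):
    """Fraction of (old_path, new_path) renames whose file extension changed."""
    if not rename_events:
        return 0.0
    changed = sum(
        1 for old, new in rename_events
        if ntpath.splitext(old)[1].lower() != ntpath.splitext(new)[1].lower()
    )
    return changed / len(rename_events)


def evaluate(process_events, net_events, rename_events,
             host_threshold=512, rename_threshold=0.9, min_renames=10):
    """Return the set of report-style signature names that fire on the events.

    host_threshold=512 mirrors the count in the report above; the other
    thresholds are assumptions chosen for this example.
    """
    hits = set()
    if any(is_shadow_copy_deletion(p["cmdline"]) for p in process_events):
        hits.add("Deletes shadow copies")
    if any(n >= host_threshold for n in distinct_remote_hosts(net_events).values()):
        hits.add("Contacts a large amount of remote hosts")
    if (len(rename_events) >= min_renames
            and extension_change_ratio(rename_events) >= rename_threshold):
        hits.add("Modifies extensions of user files")
    return hits


# Constructed sample telemetry (hypothetical; not taken from the sandbox run).
SAMPLE_PROCESSES = [
    {"pid": 1234, "cmdline": r"C:\Windows\System32\vssadmin.exe delete shadows /all /quiet"},
    {"pid": 1234, "cmdline": r"C:\Windows\System32\wbadmin.exe delete catalog -quiet"},
    {"pid": 2000, "cmdline": r"C:\Windows\explorer.exe"},
]
SAMPLE_NET = [{"pid": 1234, "dst": f"10.0.{i // 256}.{i % 256}"} for i in range(600)]
SAMPLE_NET.append({"pid": 2000, "dst": "10.0.0.1"})
SAMPLE_RENAMES = [
    (rf"C:\Users\victim\Documents\report{i}.docx",
     rf"C:\Users\victim\Documents\report{i}.docx.locked")
    for i in range(20)
]

if __name__ == "__main__":
    for name in sorted(evaluate(SAMPLE_PROCESSES, SAMPLE_NET, SAMPLE_RENAMES)):
        print("signature fired:", name)
```

The fan-out check counts distinct destinations per process rather than raw connection count, so a single busy connection to one C2 host does not trip it; the rename check requires both a minimum number of renames and a high ratio of extension changes, which keeps ordinary file saves below the bar.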

MITRE ATT&CK Matrix ATT&CK v6

  • Defense Evasion: File Deletion (T1107), 1 signature

  • Credential Access: Credentials in Files (T1081), 1 signature

  • Discovery: Network Service Scanning (T1046), 1 signature; System Information Discovery (T1082), 1 signature

  • Collection: Data from Local System (T1005), 1 signature

  • Impact: Inhibit System Recovery (T1490), 1 signature

Technique IDs are those of ATT&CK v6, as the matrix heading states; in current ATT&CK, T1107 has been folded into T1070.004 (Indicator Removal: File Deletion) and T1081 into T1552.001 (Unsecured Credentials: Credentials In Files).

Tasks