General
- Target: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100
- Size: 382KB
- Sample: 220725-gtsz3aaabp
- MD5: 432ad4941c057927786e3b6646ecf2f3
- SHA1: 45babe449954544219054e327523de5812597eaa
- SHA256: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100
- SHA512: 8b8fa755cf8a18fe7a822edcb977e8d8ee7615ccc56f5eac5c4eb7113f1faa8c983a9da18a08923c7e14d1bc86f2cae7d0a98322e8fcb8fb180733c0e9b04ab3
Static task: static1
Behavioral task: behavioral1
- Sample: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100.exe
- Resource: win7-20220715-en
Behavioral task: behavioral2
- Sample: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100.exe
- Resource: win10v2004-20220721-en
Malware Config
Targets
- Target: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100
- Size: 382KB
- MD5: 432ad4941c057927786e3b6646ecf2f3
- SHA1: 45babe449954544219054e327523de5812597eaa
- SHA256: 5607414907c0494f734000ba029c6b74a0eafdf2bfbecc24d410855108635100
- SHA512: 8b8fa755cf8a18fe7a822edcb977e8d8ee7615ccc56f5eac5c4eb7113f1faa8c983a9da18a08923c7e14d1bc86f2cae7d0a98322e8fcb8fb180733c0e9b04ab3
- Modifies visibility of hidden/system files in Explorer
- suricata: ET MALWARE Ransomware/Cerber Checkin 2
- Modifies boot configuration data using bcdedit
- Adds policy Run key to start application
- Contacts a large (514) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Contacts a large (530) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Executes dropped EXE
- Checks computer location settings
  Looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.