Overview

overview

10

Static

static

sts.exe

windows7-x64

10

sts.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5fed7de7415f0371f2164cc5728b3c463965847418f393b94d8d448f1d29d1b7

  • Size

    1.7MB

  • Sample

    220731-jwdn9sfde4

  • MD5

    4fae8234233ef2b7f7586c68a0e7e6b2

  • SHA1

    80ef316e906e42b288af8446ef7a772e994d86b1

  • SHA256

    5fed7de7415f0371f2164cc5728b3c463965847418f393b94d8d448f1d29d1b7

  • SHA512

    2ef0708238b10ed1a527b75664c22aa82b82b285e3ad08650000ed5c8e38f96148cfdf270af77ba899c73b84b4170f4e15dbf70b3f9ea89a60c0b58f7d17cc4e

Score
10/10
satancryptordiscoveryransomwarespywarestealer

Malware Config

Targets

    • Target

      sts.exe

    • Size

      1.7MB

    • MD5

      c290cd24892905fbcf3cb39929de19a5

    • SHA1

      4d105c8331d23ded5de85fb18dbe552c73c0998d

    • SHA256

      3e3f8570c11dff0b5a0e061eae6bdd66cf9fa01d815658a0589d98873500358d

    • SHA512

      f25e7a23f855a7e99e8931455368cd97e6d23a9680dc737fb134726a0b3bb965db99b1d1d1d01d156fef3190d296ce2b7bcd5eb39b587ba685516140a3a22ef9

    Score
    10/10
    satancryptorransomwarespywarestealerdiscovery

    • SatanCryptor

      Golang ransomware first seen in early 2020.

      ransomwaresatancryptor

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks