Extracted

Extracted

• • Target

    surtr.exe

  • Size

    320KB

  • MD5

    e6fc190168519d6a6c4f1519e9450f0f

  • SHA1

    af2080ddf1064fb80c7b9af942aaabf264441098

  • SHA256

    8199ef63e0058be6217ec8392258fbe7fac9fb556b8e87f40a3a45835f424980

  • SHA512

    4522d4e3f8a38dbceb30d09ea04ceeacc33bb273d702d706be68405cd4c9492f862f4ae741f4e0140b54203b3db521e96663f9757bb241b1ac63c1eda3ebb6ba

  • SSDEEP

    6144:Q4K8rYBWqjbqL7busNWGl3GDmm+miR9zrmkdAZ:Q46QKbQJNDl3cmgiRlK

  Score

  10^/10

  surtrevasionpersistenceransomwarespywarestealertrojanupx

  • Detects Surtr Payload

  • Surtr

    Ransomware family first seen in late 2021.

    ransomwaresurtr

  • UAC bypass

    evasiontrojan

  • Clears Windows event logs

    evasionransomware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Modifies boot configuration data using bcdedit

    ransomwareevasion

  • rans

    .

  • Disables Task Manager via registry modification

    evasion

  • Disables use of System Restore points

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Drops startup file

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2