Overview

overview

9

Static

static

3

smert.exe

windows10-2004-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    smert.exe

  • Size

    143KB

  • Sample

    240703-dff7kayblj

  • MD5

    c8be4a8780add1b2d541acadc515f14e

  • SHA1

    7df3c3216403d10317fae70df7dfda8886e31d18

  • SHA256

    2b809e288a8b39018ca5b2592e8e38ce25b49fdceac028c799f4e0f522b92207

  • SHA512

    e4ba73cd5d597edd48ff7a05b410138fa5c65bcce050bf59ee07fedc4da7574804bf4c941b06f0040d943fb919c294c86b08df5b25953a369c6a3199067d6b0b

  • SSDEEP

    3072:jNp8AZVBeARr/BKXVVkCd4xFuSrqzpsrq6L:nbBeAB/BcXuxMg

Score
9/10
ransomware

Malware Config

Targets

    • Target

      smert.exe

    • Size

      143KB

    • MD5

      c8be4a8780add1b2d541acadc515f14e

    • SHA1

      7df3c3216403d10317fae70df7dfda8886e31d18

    • SHA256

      2b809e288a8b39018ca5b2592e8e38ce25b49fdceac028c799f4e0f522b92207

    • SHA512

      e4ba73cd5d597edd48ff7a05b410138fa5c65bcce050bf59ee07fedc4da7574804bf4c941b06f0040d943fb919c294c86b08df5b25953a369c6a3199067d6b0b

    • SSDEEP

      3072:jNp8AZVBeARr/BKXVVkCd4xFuSrqzpsrq6L:nbBeAB/BcXuxMg

    Score
    9/10
    ransomware

    • Renames multiple (761) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks