Overview

overview

9

Static

static

3

smert.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

  • Target

    smert.exe

  • Size

    142KB

  • Sample

    240703-dh4qmsthme

  • MD5

    516e56a291d08bce9a45dcfb38f3c04e

  • SHA1

    485d482005fbe93cb1ca6a22d2525cabd9761f07

  • SHA256

    5283fc8f03a87da820330676365a27a6c244d747b22e7edcddab19d5ef0db480

  • SHA512

    e0ef00b5837d707470a1b18f85ffd3877f32321d83e6fe72b53c99163adb37c806c48a099428a8d66b9170708d3311422969b7e72fac9a3240f458199847096f

  • SSDEEP

    3072:B9szWRa/lARw/DowyEZpNmDDq+cG7sbqzXm:kl/lAe/Dhv8DuWX

Score
9/10
ransomware

Malware Config

Targets

    • Target

      smert.exe

    • Size

      142KB

    • MD5

      516e56a291d08bce9a45dcfb38f3c04e

    • SHA1

      485d482005fbe93cb1ca6a22d2525cabd9761f07

    • SHA256

      5283fc8f03a87da820330676365a27a6c244d747b22e7edcddab19d5ef0db480

    • SHA512

      e0ef00b5837d707470a1b18f85ffd3877f32321d83e6fe72b53c99163adb37c806c48a099428a8d66b9170708d3311422969b7e72fac9a3240f458199847096f

    • SSDEEP

      3072:B9szWRa/lARw/DowyEZpNmDDq+cG7sbqzXm:kl/lAe/Dhv8DuWX

    Score
    9/10
    ransomware

    • Renames multiple (494) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks