Resubmissions

10/07/2024, 09:54

240710-lxc58stalg 9

09/07/2024, 18:29

240709-w5d3lsybml 9

General

  • Target

    smert.exe

  • Size

    150KB

  • Sample

    240710-lxc58stalg

  • MD5

    337bf10f8510a4135773b41c8bdd6b7a

  • SHA1

    30639fe72167a62071face8dd59444cb0c719735

  • SHA256

    ba3528d1134da485c989f79b2d8f64aa95f14410474544aaf6c50925be3971a4

  • SHA512

    2270e3db799b57fc5cfdedeaf3621fa99036ded14da12016ce02523cac50371b7e2b06fbb99920fae54270b7557657ba35ef5ee420145470a53ed2f14a3e4ba6

  • SSDEEP

    3072:rjMbQVE+PUtTlieRJG0NaSe9Uq45VqYl/JU6wzO3sBkqy62:bIieR00cSBbrqg/66962

Score
9/10

Targets

    • Target

      smert.exe

    • Size

      150KB

    Score
    9/10
    • Renames multiple (198) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.
