0b355f51d9f38a31fefcc0efa9e039a4c27914c43c8e286c770706fa2dae1951 | Triage

Submit
Reports

Overview

overview

9

Static

static

3

saher_ransomware.exe

windows10-2004-x64

9

Sharing

Copy URL Twitter E-mail

General

Target

saher_ransomware.exe
Size

588KB
Sample

240722-tk5cyswfqm
MD5

80479d26ca4b35c1783ccec53cfe65a6
SHA1

bbfc4ca10b4a48dfec16cf02e3a8cad653dd1373
SHA256

0b355f51d9f38a31fefcc0efa9e039a4c27914c43c8e286c770706fa2dae1951
SHA512

5ed377c4863030c24589c03b5abd5e5f89901528a7ced026f7ab648826e72180d3d57397e81330c0d6fc4065425cea483752f7eb8a101443b9e83ee902de4b85
SSDEEP

12288:oXJNcTukoHNHl7rX8hp18EaQiZWyEyY1ihb0urwAbehN:5T1ThNaQByY1qZr7IN

Score

9^/10

ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

saher_ransomware.exe

Resource

win10v2004-20240709-en

ransomware spyware stealer

windows10-2004-x64

14 signatures

300 seconds

Malware Config

Targets

- Target
  
  saher_ransomware.exe
- Size
  
  588KB
- MD5
  
  80479d26ca4b35c1783ccec53cfe65a6
- SHA1
  
  bbfc4ca10b4a48dfec16cf02e3a8cad653dd1373
- SHA256
  
  0b355f51d9f38a31fefcc0efa9e039a4c27914c43c8e286c770706fa2dae1951
- SHA512
  
  5ed377c4863030c24589c03b5abd5e5f89901528a7ced026f7ab648826e72180d3d57397e81330c0d6fc4065425cea483752f7eb8a101443b9e83ee902de4b85
- SSDEEP
  
  12288:oXJNcTukoHNHl7rX8hp18EaQiZWyEyY1ihb0urwAbehN:5T1ThNaQByY1qZr7IN
Score

9^/10

ransomware spyware stealer
- Renames multiple (1223) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealer

© 2018-2025

Terms | Privacy