Behavioral task
behavioral1
Sample
Ransomware Cyb3r Byt3s.exe
Resource
win7-20240729-en
Behavioral task
behavioral2
Sample
Ransomware Cyb3r Byt3s.exe
Resource
win10v2004-20241007-en
General
-
Target
Ransomware Cyb3r Byt3s.exe
-
Size
735KB
-
MD5
535bc51f49d1106cf06dfe92ad0444b5
-
SHA1
c2260418363cd0b0d099059e4dde4f2ae61da745
-
SHA256
a834b3d15719bbf9f0c7b5740b8a30de2eb3aee9e24598b3a30e37253e0c154e
-
SHA512
17b6c3bdba740d16e96f2212b9d4b7d82ec4ac94cc24eedaf00b30c556473bf6c11d8d1bbdfe98823685b9d0342bf21fb4f4a9db585d60686dbb60b2e7772de2
-
SSDEEP
12288:U3aga2H7TvoQgRFlyt0CLPj3fNFLk6TNcLhytKdGWXQikDhPKOPY6cUe3XQ2fwCB:zU7Glyt7LvNFLkgNcLhYChkDhPPY6cU2
Malware Config
Signatures
-
resource yara_rule sample upx -
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource Ransomware Cyb3r Byt3s.exe unpack001/out.upx
Files
-
Ransomware Cyb3r Byt3s.exe.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
UPX0 Size: - Virtual size: 3.9MB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
UPX1 Size: 732KB - Virtual size: 736KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
-
out.upx.exe windows:6 windows x86 arch:x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4.6MB - Virtual size: 4.6MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ