General
Target: 2f72425b28c03245758d9778b9f637ac981f1ec3df591162f69949c466bfb19c.sample
Size: 191KB
Sample: 210726-efemayph3s
MD5: 965d3b5a69778fb98336811099866921
SHA1: 34293ddd9c4f8b2239e288bf7c3680743bc23eb3
SHA256: 2f72425b28c03245758d9778b9f637ac981f1ec3df591162f69949c466bfb19c
SHA512: ff8f648702d53716bbf4d40f1e3097a288e0665614543fb21fca942bd12c6105023d9bddb99761b11ae2b4ec3257258be2ae995487225cdcd49955255d651b24
Static task: static1
Behavioral task: behavioral1
  Sample: 2f72425b28c03245758d9778b9f637ac981f1ec3df591162f69949c466bfb19c.sample.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 2f72425b28c03245758d9778b9f637ac981f1ec3df591162f69949c466bfb19c.sample.exe
  Resource: win10v20210410
Malware Config
Extracted: \??\c:\_R_E_A_D___T_H_I_S___7DI7G_.txt
Family: cerber
Extracted: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___6S47TM9_.hta
Extracted: \??\c:\_R_E_A_D___T_H_I_S___DH31LD_.txt
Family: cerber
Extracted: C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___0Z1C2HLD_.hta
Targets
Target: 2f72425b28c03245758d9778b9f637ac981f1ec3df591162f69949c466bfb19c.sample
Size: 191KB
Score: 10/10
- suricata: ET MALWARE ABUSE.CH Ransomware/Cerber Onion Domain Lookup
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (10)
- suricata: ET MALWARE Ransomware/Cerber Checkin M3 (13)
- Blocklisted process makes network request
- Modifies Windows Firewall
- Drops startup file
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
- Sets desktop wallpaper using registry