General
-
Target
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7
-
Size
258KB
-
Sample
220724-1tdd6aaagn
-
MD5
708af24c5db46ab43c464dc4ed50e800
-
SHA1
5b2a4f506b074d8d94677cd066c35c5903ad3f43
-
SHA256
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7
-
SHA512
d9237e6aa40441fb494a7f0721f77893a4739c294343d090048d386511b78412f3712ff353cce1fe59b4f4d8f9290155e51c21022b2ec3c8a02f370be4ea9bc6
Static task
static1
Behavioral task
behavioral1
Sample
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7.exe
Resource
win10v2004-20220721-en
Malware Config
Targets
-
Target
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7
-
Size
258KB
-
MD5
708af24c5db46ab43c464dc4ed50e800
-
SHA1
5b2a4f506b074d8d94677cd066c35c5903ad3f43
-
SHA256
57850ebe66056f46e7aae3e73a3b877a325ac33b7b09854dcfee542c9c3329f7
-
SHA512
d9237e6aa40441fb494a7f0721f77893a4739c294343d090048d386511b78412f3712ff353cce1fe59b4f4d8f9290155e51c21022b2ec3c8a02f370be4ea9bc6
-
Modifies visibility of hidden/system files in Explorer
-
suricata: ET MALWARE Ransomware/Cerber Checkin 2
suricata: ET MALWARE Ransomware/Cerber Checkin 2
-
Modifies boot configuration data using bcdedit
-
Adds policy Run key to start application
-
Contacts a large number (514) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Contacts a large number (527) of remote hosts
This may indicate a network scan to discover remotely running services.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Drops startup file
-
Loads dropped DLL
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-
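The signature list above is what the sandbox emitted for the two behavioral tasks. As an added example (not part of this report and not any sandbox's own detection code), the Python below maps Sysmon-style event records onto the same behaviour tags, so the same checks can be run over your own telemetry. The event records, file names, remote addresses and the list of IP-lookup domains are constructed or assumed for illustration and are not taken from the sample; the bcdedit argument pattern is the usual recovery-disabling form ransomware uses, also an assumption here; the registry paths are the standard Windows locations for Run, Policies\Explorer\Run, Explorer\Advanced and Geo\Nation.

```python
import re

# Standard Windows registry locations behind the report's signatures.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
POLICY_RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"
EXPLORER_ADVANCED = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced"
GEO_KEY = r"HKCU\Control Panel\International\Geo"

# Assumed list of well-known public-IP lookup services (not taken from the sample).
IP_LOOKUP_HOSTS = {"ipinfo.io", "ip-api.com", "api.ipify.org", "icanhazip.com"}

# Assumed bcdedit arguments that disable Windows recovery before encryption.
BCDEDIT_RECOVERY = re.compile(r"recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures", re.I)


def classify_event(ev):
    """Return the set of report-style behaviour tags a single event supports."""
    tags = set()
    t = ev["type"]
    if t == "registry_set":
        key = ev["key"].lower()
        name = ev.get("name", "").lower()
        if key == EXPLORER_ADVANCED.lower() and name in {"hidden", "showsuperhidden"}:
            tags.add("modifies_hidden_file_visibility")
        elif key == POLICY_RUN_KEY.lower():
            tags.add("adds_policy_run_key")
        elif key == RUN_KEY.lower():
            tags.add("adds_run_key")
    elif t == "registry_query":
        if ev["key"].lower() == GEO_KEY.lower() and ev.get("name", "").lower() == "nation":
            tags.add("checks_location_settings")  # country code lookup, likely geofence
    elif t == "process_create":
        image = ev["image"].lower().rsplit("\\", 1)[-1]
        if image == "bcdedit.exe" and BCDEDIT_RECOVERY.search(ev["cmdline"]):
            tags.add("modifies_bcd_recovery")
    elif t == "dns_query":
        if ev["name"].lower() in IP_LOOKUP_HOSTS:
            tags.add("external_ip_lookup")
    return tags


def triage(events, host_threshold=100):
    """Aggregate tags over a run; flag a large number of distinct remote hosts."""
    tags = set()
    hosts = set()
    for ev in events:
        tags |= classify_event(ev)
        if ev["type"] == "net_connect":
            hosts.add(ev["dst"])
    if len(hosts) >= host_threshold:
        tags.add("contacts_many_remote_hosts")
    return {"tags": sorted(tags), "remote_hosts": len(hosts)}


# Constructed events in a Sysmon-like shape (EID 1 / 13 / 3 / 22 analogues).
# Names, paths and addresses are invented; only the count (514) mirrors the report.
SAMPLE_EVENTS = [
    {"type": "registry_set", "key": EXPLORER_ADVANCED, "name": "Hidden", "data": "2"},
    {"type": "registry_set", "key": POLICY_RUN_KEY, "name": "svchost",
     "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "registry_set", "key": RUN_KEY, "name": "svchost",
     "data": r"C:\Users\victim\AppData\Roaming\svchost.exe"},
    {"type": "registry_query", "key": GEO_KEY, "name": "Nation"},
    {"type": "process_create", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled no"},
    {"type": "dns_query", "name": "ipinfo.io"},
]
SAMPLE_EVENTS += [{"type": "net_connect", "dst": f"10.0.{i // 256}.{i % 256}", "port": 6892}
                  for i in range(514)]

if __name__ == "__main__":
    print(triage(SAMPLE_EVENTS))
```

The host-count threshold is the one judgement call worth tuning: a sandbox raising it on 514 and 527 hosts is unambiguous, but on a real endpoint a domain controller or a vulnerability scanner will clear 100 distinct destinations legitimately, so pair the count with the other tags before treating it as ransomware checkin or scanning.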