cerber | 4ac03a28ad39f04b02cabc654b1946b431ada3c5198a13e07515933f82c80be3 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

bios.exe

windows10-2004-x64

Sharing

General

Target

bios.exe
Size

11KB
Sample

230705-sr6nxsdd95
MD5

4947bbea7829d84e405306175cb159fa
SHA1

b3b8f5b43e41ecbba35f04c16b964578b5c1c083
SHA256

4ac03a28ad39f04b02cabc654b1946b431ada3c5198a13e07515933f82c80be3
SHA512

265ff6398d64015da2da70f512c5f1386a98245ce4d6ac09a623aa805fadcb602453fa05c3a260cbc9eea18f13f443d0c2769851858392e38b92ae2c29d591f8
SSDEEP

192:QFrTzy8k0JMmx8O3napbCCePC1Eq8stYcFwVc03KY:uzrMmapbCCeUEqptYcFwVc03K

Score

10^/10

cerber ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

bios.exe

Resource

win10v2004-20230703-en

cerber ransomware

windows10-2004-x64

11 signatures

1800 seconds

Malware Config

Targets

- Target
  
  bios.exe
- Size
  
  11KB
- MD5
  
  4947bbea7829d84e405306175cb159fa
- SHA1
  
  b3b8f5b43e41ecbba35f04c16b964578b5c1c083
- SHA256
  
  4ac03a28ad39f04b02cabc654b1946b431ada3c5198a13e07515933f82c80be3
- SHA512
  
  265ff6398d64015da2da70f512c5f1386a98245ce4d6ac09a623aa805fadcb602453fa05c3a260cbc9eea18f13f443d0c2769851858392e38b92ae2c29d591f8
- SSDEEP
  
  192:QFrTzy8k0JMmx8O3napbCCePC1Eq8stYcFwVc03KY:uzrMmapbCCeUEqptYcFwVc03K
Score

10^/10

cerber ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Web Service

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cerberransomware

© 2018-2025

Terms | Privacy