cerber | 55e1f7704658a1ed2ed6a56e1f720a69e5025c4f6f6d1c10d670fef8fee0af53 | Triage

Submit
Reports

Overview

overview

Static

static

7

Spoofer.exe

windows10-2004-x64

Spoofer.exe

windows11-21h2-x64

8

Sharing

General

Target

Spoofer.exe
Size

9.9MB
Sample

231209-2csm7acch9
MD5

bc1798d84c4e178ad1059a253d2ac75a
SHA1

c61248c5f8bd97ec3dd72e8f82523d06b38714e6
SHA256

55e1f7704658a1ed2ed6a56e1f720a69e5025c4f6f6d1c10d670fef8fee0af53
SHA512

e15d7c2e9582671ab9a8ebc1a3015eeec617a3e497e1cec518ec95995863c186dadcd44eb07bc52d8e21e0746cfba25889bfda627c701e3865280e638f3045ef
SSDEEP

196608:N9aKe7URYWxbTK8BG+kFIJpJgDasysphjSE:SBURlxb2GGB0sDaASE

Score

10^/10

cerber evasion ransomware themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

Spoofer.exe

Resource

win10v2004-20231127-en

cerber evasion ransomware themida

windows10-2004-x64

19 signatures

150 seconds

Behavioral task

behavioral2

Sample

Spoofer.exe

Resource

win11-20231128-en

evasion themida

windows11-21h2-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  Spoofer.exe
- Size
  
  9.9MB
- MD5
  
  bc1798d84c4e178ad1059a253d2ac75a
- SHA1
  
  c61248c5f8bd97ec3dd72e8f82523d06b38714e6
- SHA256
  
  55e1f7704658a1ed2ed6a56e1f720a69e5025c4f6f6d1c10d670fef8fee0af53
- SHA512
  
  e15d7c2e9582671ab9a8ebc1a3015eeec617a3e497e1cec518ec95995863c186dadcd44eb07bc52d8e21e0746cfba25889bfda627c701e3865280e638f3045ef
- SSDEEP
  
  196608:N9aKe7URYWxbTK8BG+kFIJpJgDasysphjSE:SBURlxb2GGB0sDaASE
Score

10^/10

cerber evasion ransomware themida
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Executes dropped EXE
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberevasionransomwarethemida

behavioral2

© 2018-2024

Terms | Privacy