cerber | 967e7d816b6ec752b3d99256dacc0216af80f63046f36d4db699c90219c17ae5 | Triage

Sharing

General

Target

memorium.exe
Size

1.6MB
Sample

231225-kvjpkafcb2
MD5

c4ee913e290d76916d7e7658049491a5
SHA1

9e3e83c128e51a3f8b9a044957a390429e6b5e29
SHA256

967e7d816b6ec752b3d99256dacc0216af80f63046f36d4db699c90219c17ae5
SHA512

06aabdc66e26f2c2f66314cbcb7f7ae8735fd57f4b51778d7866a3a5272b58d15e724b2c4f7cced20614edbb056d6fee82a76828288908cffbc772ab95dbb5f1
SSDEEP

24576:vbw+7NLKcPZFML5xxIOUyTyPUz977wsAKaBApkF77RpoCgfdt6on7iuk77DNj:jwuYLZIYyPUzJAKrq6hp+ZDN

Score

10^/10

cerber evasion ransomware

Malware Config

Targets

- Target
  
  memorium.exe
- Size
  
  1.6MB
- MD5
  
  c4ee913e290d76916d7e7658049491a5
- SHA1
  
  9e3e83c128e51a3f8b9a044957a390429e6b5e29
- SHA256
  
  967e7d816b6ec752b3d99256dacc0216af80f63046f36d4db699c90219c17ae5
- SHA512
  
  06aabdc66e26f2c2f66314cbcb7f7ae8735fd57f4b51778d7866a3a5272b58d15e724b2c4f7cced20614edbb056d6fee82a76828288908cffbc772ab95dbb5f1
- SSDEEP
  
  24576:vbw+7NLKcPZFML5xxIOUyTyPUz977wsAKaBApkF77RpoCgfdt6on7iuk77DNj:jwuYLZIYyPUzJAKrq6hp+ZDN
Score

10^/10

evasion cerber ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Stops running service(s)
  evasion
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

behavioral2

cerberevasionransomware