General

  • Target: yungbruh.exe
  • Size: 494KB
  • Sample: 240223-bd91rahf56
  • MD5: 04175e8956ed6068fdfa77565bb99a68
  • SHA1: 4b4019903e7383b7acf7a8147e7f3282c95bb96e
  • SHA256: 7a36b3bdb89ad56e57b3b35cf2b32adbbedd5aae4e27251cb8e304ed325b3bf9
  • SHA512: 5a52ca2d2bfc8ac0647ec09d3f1b361f17c38b4bf442175c37a919c006fe5550f30e3df2c56d87c67c6cb66aa39fa58acd49c3c44dc30a7c15fe551e00b1dfa7
  • SSDEEP: 6144:iuwm9u8IxkTi9WxqhStoevTFp7sH+IsycpR+iuGsYH5+bpca0vYnE3ben:iuM9WxGCoevTFJzyceiuUwpca0vYnN

Malware Config

Targets

    • Target: yungbruh.exe


    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Downloads MZ/PE file

    • Modifies Windows Firewall

    • Stops running service(s)

    • Executes dropped EXE

    • Legitimate hosting services abused for malware hosting/C2

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                 Technique                            ID         Count
  Execution              Command and Scripting Interpreter    T1059      1
  Persistence            Create or Modify System Process      T1543      2
  Persistence            Windows Service                      T1543.003  2
  Privilege Escalation   Create or Modify System Process      T1543      2
  Privilege Escalation   Windows Service                      T1543.003  2
  Defense Evasion        Indicator Removal                    T1070      2
  Defense Evasion        File Deletion                        T1070.004  2
  Defense Evasion        Impair Defenses                      T1562      2
  Defense Evasion        Disable or Modify System Firewall    T1562.004  1
  Defense Evasion        Modify Registry                      T1112      1
  Discovery              Query Registry                       T1012      2
  Discovery              System Information Discovery         T1082      3
  Command and Control    Web Service                          T1102      1
  Impact                 Inhibit System Recovery              T1490      2
  Impact                 Service Stop                         T1489      1

Tasks