cerber | 628a2b6ad14cb09e3432f369c7ac3f2d341c5c518bfb9af16ee77e1d62601deb | Triage

Submit
Reports

Overview

overview

Static

static

3

1buttonBETA10-22b.exe

windows7-x64

1buttonBETA10-22b.exe

windows10-2004-x64

1

Sharing

General

Target

1buttonBETA10-22b.exe
Size

31.9MB
Sample

240311-ajsg8afa63
MD5

a48537d35ede9fe4d15b0818870c6ff2
SHA1

e760863c4db17e55e72ba507ebb22a5b9396c304
SHA256

628a2b6ad14cb09e3432f369c7ac3f2d341c5c518bfb9af16ee77e1d62601deb
SHA512

c6556320d20a051cbfe08febbdf80ff3168b4a7654ce1d77bada1329d499497462cef1d978abfa95d064dac49eb14dc7e914d0b9391aec6546991d499f3aaf97
SSDEEP

786432:LCnT9Z2zDfgQwtKa41MOYS0ndZNEMans/GtxeUVMGHKc6j:YLSMQwwa41ro9EManrtxTMx

Score

10^/10

cerber evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1buttonBETA10-22b.exe

Resource

win7-20240215-en

cerber evasion ransomware

windows7-x64

21 signatures

150 seconds

Behavioral task

behavioral2

Sample

1buttonBETA10-22b.exe

Resource

win10v2004-20240226-en

windows10-2004-x64

0 signatures

150 seconds

Malware Config

Targets

- Target
  
  1buttonBETA10-22b.exe
- Size
  
  31.9MB
- MD5
  
  a48537d35ede9fe4d15b0818870c6ff2
- SHA1
  
  e760863c4db17e55e72ba507ebb22a5b9396c304
- SHA256
  
  628a2b6ad14cb09e3432f369c7ac3f2d341c5c518bfb9af16ee77e1d62601deb
- SHA512
  
  c6556320d20a051cbfe08febbdf80ff3168b4a7654ce1d77bada1329d499497462cef1d978abfa95d064dac49eb14dc7e914d0b9391aec6546991d499f3aaf97
- SSDEEP
  
  786432:LCnT9Z2zDfgQwtKa41MOYS0ndZNEMans/GtxeUVMGHKc6j:YLSMQwwa41ro9EManrtxTMx
Score

10^/10

cerber evasion ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Clears Windows event logs
  evasion ransomware
- Nirsoft
- Drops file in Drivers directory
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Indicator Removal

Impair Defenses

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberevasionransomware

behavioral2

© 2018-2024

Terms | Privacy