General
-
Target
mw3reaper.rar
-
Size
13.2MB
-
Sample
240312-eyaceaab88
-
MD5
c77fd8185dd3fe2ee5672a0531c4b3c7
-
SHA1
7e321783026506c06cd3c34dabdb2ec4f277d17b
-
SHA256
11c712b2b16eeb1652793fc8bad16d9177ef161398dceb95e136f8f2a349e56c
-
SHA512
b0c3696a406a34b5a1e7cf8413d416251959006162901a7934054f09f0b909e2e582ce215dd97b8f7170b47c5d054f95ea9109d1cbcff67c69844e89125dce7b
-
SSDEEP
393216:UN0mmXrXBwtGmoWtJVKSJgNn3TeGKLCM3v:UN8rXetGTWtJNJgNnDI/
Malware Config
Targets
-
-
Target
mw3reaper.rar
-
Size
13.2MB
-
MD5
c77fd8185dd3fe2ee5672a0531c4b3c7
-
SHA1
7e321783026506c06cd3c34dabdb2ec4f277d17b
-
SHA256
11c712b2b16eeb1652793fc8bad16d9177ef161398dceb95e136f8f2a349e56c
-
SHA512
b0c3696a406a34b5a1e7cf8413d416251959006162901a7934054f09f0b909e2e582ce215dd97b8f7170b47c5d054f95ea9109d1cbcff67c69844e89125dce7b
-
SSDEEP
393216:UN0mmXrXBwtGmoWtJVKSJgNn3TeGKLCM3v:UN8rXetGTWtJNJgNnDI/
Score10/10-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-