cerber | e45a223e95e8fbae17daa2b587f400231b720dfeaa30086bade38a2e0c037cd8 | Triage

Sharing

General

Target

HwidWoofer.exe
Size

37KB
Sample

240317-vzg2msbb73
MD5

56956f15efc4b5c32c5b29c26f043c26
SHA1

5d8936716e7735235618fe2c8c8d813f3fab9684
SHA256

e45a223e95e8fbae17daa2b587f400231b720dfeaa30086bade38a2e0c037cd8
SHA512

b17406525d45dc938ccb24a6e7ac8388970e477d8c8b1863a5743af671a514d0772662a0fdf700898a55852e2710540b80b3a42990f9df813399daf66a2d01aa
SSDEEP

768:sWAyP38owL450RzHkAklLHp5zekO39cG:yykoAvRzEPLjsc

Score

10^/10

cerber evasion ransomware

Malware Config

Targets

- Target
  
  HwidWoofer.exe
- Size
  
  37KB
- MD5
  
  56956f15efc4b5c32c5b29c26f043c26
- SHA1
  
  5d8936716e7735235618fe2c8c8d813f3fab9684
- SHA256
  
  e45a223e95e8fbae17daa2b587f400231b720dfeaa30086bade38a2e0c037cd8
- SHA512
  
  b17406525d45dc938ccb24a6e7ac8388970e477d8c8b1863a5743af671a514d0772662a0fdf700898a55852e2710540b80b3a42990f9df813399daf66a2d01aa
- SSDEEP
  
  768:sWAyP38owL450RzHkAklLHp5zekO39cG:yykoAvRzEPLjsc
Score

10^/10

cerber evasion ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Impair Defenses

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberevasionransomware

behavioral2

cerberevasionransomware