Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://cdn.discorda...

windows10-1703-x64

10

Resubmissions

21-03-2024 21:16

240321-z4vkracd61 7

21-03-2024 21:12

240321-z2paysad85 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://cdn.discordapp.com/attachments/1220479702456602654/1220480136097435689/GGPermV3.zip?ex=660f17b3&is=65fca2b3&hm=50efa438428d35e8fc7af5e216672f2b1f6116d554d2989bfbb278fd0e4f591e&

  • Sample

    240321-z2paysad85

Score
10/10
cerberevasionransomwarespywarestealer

Malware Config

Targets

    • Target

      https://cdn.discordapp.com/attachments/1220479702456602654/1220480136097435689/GGPermV3.zip?ex=660f17b3&is=65fca2b3&hm=50efa438428d35e8fc7af5e216672f2b1f6116d554d2989bfbb278fd0e4f591e&

    Score
    10/10
    cerberevasionransomwarespywarestealer

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

      ransomwarecerber

    • Stops running service(s)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks