cerber | e9444aab090e91374385729b93f05668504a966d2bb00b516dfd6abb961f4c0f | Triage

Submit
Reports

Overview

overview

Static

static

3

spoofer.exe

windows10-1703-x64

Sharing

General

Target

spoofer.exe
Size

9.4MB
Sample

240331-3cqdhafd82
MD5

80ec9fe0e6a95907f78b6038623c8618
SHA1

42b44edc959f80a9a5a48e2aca4104912044b891
SHA256

e9444aab090e91374385729b93f05668504a966d2bb00b516dfd6abb961f4c0f
SHA512

e66550f70b85ca12c51b8a6cc91b370a7f4d734c19ae20c1f4a8f9495cc9222cefe0202ca016c1b14ce71ab6bfc4211c1d7c897493f12eae1ff4ebfaaeb77e90
SSDEEP

196608:l2bKBGvNyjWR+hQU8sKmgpHT97KnGNJQdVBuk7Tt2fMcto:GEoYjWnsbSx7mGn+AqxPcto

Score

10^/10

cerber ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

spoofer.exe

Resource

win10-20240221-en

cerber ransomware spyware stealer

windows10-1703-x64

27 signatures

150 seconds

Malware Config

Targets

- Target
  
  spoofer.exe
- Size
  
  9.4MB
- MD5
  
  80ec9fe0e6a95907f78b6038623c8618
- SHA1
  
  42b44edc959f80a9a5a48e2aca4104912044b891
- SHA256
  
  e9444aab090e91374385729b93f05668504a966d2bb00b516dfd6abb961f4c0f
- SHA512
  
  e66550f70b85ca12c51b8a6cc91b370a7f4d734c19ae20c1f4a8f9495cc9222cefe0202ca016c1b14ce71ab6bfc4211c1d7c897493f12eae1ff4ebfaaeb77e90
- SSDEEP
  
  196608:l2bKBGvNyjWR+hQU8sKmgpHT97KnGNJQdVBuk7Tt2fMcto:GEoYjWnsbSx7mGn+AqxPcto
Score

10^/10

cerber ransomware spyware stealer
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Deletes NTFS Change Journal
  The USN change journal is a persistent log of all changes made to local files used by Windows Server systems.
  ransomware
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Nirsoft
- Drops file in Drivers directory
- Drops startup file
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Remote System Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Data Destruction

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberransomwarespywarestealer

© 2018-2024

Terms | Privacy