cerber | 138cc746e59177562ebd9e423e34fb642533b7c848c6b97c262e694625426425 | Triage

Submit
Reports

Overview

overview

Static

static

7

SpooferV1.exe

windows10-2004-x64

Sharing

General

Target

SpooferV1.zip
Size

5.3MB
Sample

240404-yxtjfahb51
MD5

94ff81bbf82b285d8be0088d4daaec22
SHA1

c6d9b728b14181d65a1a013f2b79345850b73634
SHA256

138cc746e59177562ebd9e423e34fb642533b7c848c6b97c262e694625426425
SHA512

8f9713afca4cfc57ddfeb238908fb5f9823544526434de9f7fd12dc43cf070f5b7c4f16031502e9d00f4ac46cce00c2eb162f1fdff224485036ce65c6b0b02aa
SSDEEP

98304:d2JlPICxZiLrznfU6p17PISBpf8R934IGBZteZX+GIhrVZODMG65VtziyyfgomP0:d2JeCSDfVbISi2ISbubErHOfEdifgom8

Score

10^/10

cerber evasion ransomware themida

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

SpooferV1.exe

Resource

win10v2004-20240319-fr

cerber evasion ransomware themida

windows10-2004-x64

20 signatures

600 seconds

Malware Config

Targets

- Target
  
  SpooferV1.exe
- Size
  
  101KB
- MD5
  
  d40d70252d42764cdf128222c211fb67
- SHA1
  
  91915d020dd32309266342dbe733393838a6a6f0
- SHA256
  
  6c2059f0321eab846ae86da008a2227179c0afb5920036e9ea8389009670aeb9
- SHA512
  
  6a73ca112052475e48011d59a1cc1515a9ca93fc2e28bbe9f99170be31a74f8ee1a15c895954dc79ae7223cb14f661d5bf9eeead93aa8934c7777112db71b4fc
- SSDEEP
  
  1536:37fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfqwxWS43OgwOQ:r7DhdC6kzWypvaQ0FxyNTBfqdHOl
Score

10^/10

cerber evasion ransomware themida
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Stops running service(s)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Virtualization/Sandbox Evasion

Impair Defenses

Credential Access

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberevasionransomwarethemida

© 2018-2024

Terms | Privacy