cerber | a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85 | Triage

Submit
Reports

Overview

overview

Static

static

3

tXauTiJr.exe

windows10-2004-x64

Sharing

General

Target

tXauTiJr.exe
Size

521KB
Sample

240407-fwdgqadg2w
MD5

464c348f1bdf66a75c6b0d51256e916c
SHA1

fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27
SHA256

a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85
SHA512

cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233
SSDEEP

6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3

Score

10^/10

cerber ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tXauTiJr.exe

Resource

win10v2004-20240226-en

cerber ransomware

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  tXauTiJr.exe
- Size
  
  521KB
- MD5
  
  464c348f1bdf66a75c6b0d51256e916c
- SHA1
  
  fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27
- SHA256
  
  a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85
- SHA512
  
  cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233
- SSDEEP
  
  6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3
Score

10^/10

cerber ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberransomware

© 2018-2024

Terms | Privacy