General

  • Target: Aridek_shit.rar
  • Size: 5.9MB
  • Sample: 240424-rmcdvabc98
  • MD5: ec250349e4bb83b69e3cddfec0c9156f
  • SHA1: 977acc4acdaf618a33e7d24d40b3fa0c306b596d
  • SHA256: 1ef9f6f47ce297fa50fe714562d32ec98773acddeec5b17b956e6d4b94bbd14f
  • SHA512: d9d41e092e18c7694eaef0b81f60f0de74074856d7ac96f2b761be7019859a2021cf31152612fff0ba4dfe0553e7ef4957d62a3abe54f09532b5af677e5dd339
  • SSDEEP: 98304:b/tzC74et9blH8ovXltNq5MbYgxKK1koUlK/o2tjYcJ2g8PYg+zjnAZeTJbRUXBz:7glH823kSkKYcJWYpXAZeVbRUx0+2Rz0

Score: 10/10

Malware Config

Targets

    • Target: Aridek shit/SpoofShit1.exe
    • Size: 664KB
    • MD5: 35cde0271493c188cfd476da17635f5c
    • SHA1: cba29bbebe1944b1c2d98b5eee4dcef36a1f18bc
    • SHA256: 9f4ce08e8553b1690ffcf43f1d1a98091a8336e4bc4962f341872956b0e04bf7
    • SHA512: ba13d8cab4c56040cbae4d054f01207d3cbe25a385728514d37b84bcb0c51d0a278b36807215118a70c01d4ad8b30e62f42385314b415ed1c35061251145c8ed
    • SSDEEP: 12288:ztzE5elwLz9Trs5inhWX/CmD1KghybW9OJmcqf+FNBkMdjzZprxqdAF:ztA4KdTA5jXbDo+ybW9OJmcqfgNTzTF3

    Score: 7/10
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: Aridek shit/SpoofShit2.exe
    • Size: 1.1MB
    • MD5: 980ec9e44ba9ad605cfc829108a4b0fd
    • SHA1: bbc735e5e8bed45b71ff3c6f53a082b06dad8b60
    • SHA256: 79e1577798e3c7a0df48ad7ff147a1636baa7a5fc9c5f4a7cbce878ba85ed506
    • SHA512: 69d6dff6a9ec99343cfc8ce2f1032457b6c884351464c448258247242441e22816fc89990df592837feae7dc760f376d2b16bc0cf46180e17a3ed46a3a247f4e
    • SSDEEP: 24576:OtA4KdTQiBtg9ddxcj9XUcw72X4bD82EUCmNWi2HZ:PdTP4dxiSNyX2LymWiOZ

    Score: 7/10
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: Aridek shit/SpoofShit3.exe
    • Size: 2.0MB
    • MD5: 65456cbd4e361f409addd27576c428e9
    • SHA1: d41436b4897a99af94acea0dc74ec9a1ecc2ecd4
    • SHA256: dffb43586f828825233a655db21e887805b58c008f24aa24012d4992c9b3858f
    • SHA512: b0d903aae7aaf52b3c1bf5969c99f7b8a693f76498476583e2c3309c7aad2afd577be59fb4e6b797863177e43f141e17b8381be9ba68088f6c43f26483c50ebb
    • SSDEEP: 49152:ndTLEJZg/QrotMh3YQgWtIczlAKNUYo3md76vGWDSY:JEv+QrSMh3LRWK3wmdG+6

    Score: 10/10
    • Cerber
      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
    • Deletes shadow copies
      Ransomware often targets backup files to inhibit system recovery.
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.
    • Drops file in System32 directory

    • Target: Aridek shit/SpoofShit4.exe
    • Size: 1.1MB
    • MD5: 8029a358e207c6bcbbdb3758b1562fef
    • SHA1: 6327a7b2a38e77a025f21f645b912abcc1c7a80b
    • SHA256: a0140e7fd03531cb2185c8ac6501172e42c3cf2f0b26d2415200e0051701d4c6
    • SHA512: 69ee949643a663e4e24db66a91f0e960c0bd65d89db0dfb7edcd40152fdb913c955d39e522df527dffe7463b778a8f9812345ca1591489c2db33ede266441f56
    • SSDEEP: 24576:OtA4KdTeDUbJWtenvHxcaFNoAN76B3Q19Voo7znR6pl/xbS:PdTUUbJWwnfxc+SAY+9uo3nR6plJbS

    Score: 7/10
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: Aridek shit/kdu-mapper.exe
    • Size: 1.4MB
    • MD5: 220da3c39ef91e9eedcc65ff4815276d
    • SHA1: 3a764f42205c7166618f831168c3cfb20b8f37f6
    • SHA256: ad6402f149f2802a71b02c4f6fc6c695624c869b5fe8d7ed212606174230b1f4
    • SHA512: d4caa7296d86505dbe36853d3d1d836cb85260bc2c72b368b7a45fb004cef33498b7f1fbe85d5e734a2ed6e6832fa5c9aaef6acb5a67a5f40939d471e6914aaf
    • SSDEEP: 24576:EtA4KdTJeXSRhoVDNM3DuaXTnAD8J2uQkRQFaJPgHVICI369ZCOtQjHQbGr:ZdTcS/G6iaXrAD8J2ZkRQF7VPI36bCOO

    Score: 7/10
    • Executes dropped EXE
    • UPX packed file
      Detects executables packed with UPX/modified UPX open source packer.

    • Target: Aridek shit/pasted_null_driver.sys
    • Size: 14KB
    • MD5: c93b1ea259115689dc4564c42138296f
    • SHA1: 0ff54eaffb6cbcb080c48fec1a3aeddc4f17a739
    • SHA256: 29bc8b56cd1750080f4714ac618f1326250e8778b451a84a4f11fd3c0954a6f3
    • SHA512: 97cf5908d60af19ad4e9377ddcd9df0ce4004226f9d50cebc5340f97bd01fe27667cfcad078345a48074b558702d4328bb8369fa8da5bd5238ddff0235e55073
    • SSDEEP: 192:3Ackk9PTzTCGibzU9I9mmOC1nSqf+DbFsGPeeQvKv1G+kfjmqdE:3r9PLxcUSEHcnRf+DbmGPl6qqdE

    Score: 1/10

    • Target: Aridek shit/pasted_spoofer_3.sys
    • Size: 17KB
    • MD5: 2ea59d20a2f2f77c3239e82ec3a913cd
    • SHA1: 6e2aace5f8f941f36bbd4e0f0cc587e1cd36e99d
    • SHA256: 2013425815fa78cb9240d3960a619a00e758d8e41e5cf9410bddd082b1c859c4
    • SHA512: 25dac1e951981a461226633539516fea236ab9ed9f3597d6623cdaf984f36502f07c85b9515cc640ed1731f6cb30100183f38a6ac041c5380e90392421c6969f
    • SSDEEP: 192:fLEPbewH1BVZYewzNZEc+Pb0Z7u6lFgMOcnTK:wPywvyzNmALlFnOce

    Score: 1/10

    • Target: Aridek shit/spoofer.sys
    • Size: 8KB
    • MD5: c879d2a58aa3fa9f85c5d482fe5c216a
    • SHA1: 4b79c5419e89e9ce346082e105f79465231d7d23
    • SHA256: 0aaf411faadaba7419d6fc53a4e8190163619ca502946e8ad98b1e34b5d8188e
    • SHA512: c54cac910e28e47493ab289eb78130219a2ad632280c95dcf28ada5e93800b26367a515572efa01f0cf5e5c785b00f98d9b931d9f7776f1cad919e16bfcda49d
    • SSDEEP: 192:ouJiD/KYvRfX/4b3ssYc8nKe+qn0LFzRh:r9Yebcs5XZ

    Score: 1/10

MITRE ATT&CK Matrix (ATT&CK v13)

Defense Evasion
  • T1070 Indicator Removal (2)
    • T1070.004 File Deletion (2)

Discovery
  • T1082 System Information Discovery (9)
  • T1012 Query Registry (4)
  • T1120 Peripheral Device Discovery (1)

Impact
  • T1490 Inhibit System Recovery (2)

Tasks