cerber

Sharing

Copy URL

Twitter E-mail

General

Target

Aridek_shit.rar
Size

5.9MB
Sample

240424-rmcdvabc98
MD5

ec250349e4bb83b69e3cddfec0c9156f
SHA1

977acc4acdaf618a33e7d24d40b3fa0c306b596d
SHA256

1ef9f6f47ce297fa50fe714562d32ec98773acddeec5b17b956e6d4b94bbd14f
SHA512

d9d41e092e18c7694eaef0b81f60f0de74074856d7ac96f2b761be7019859a2021cf31152612fff0ba4dfe0553e7ef4957d62a3abe54f09532b5af677e5dd339
SSDEEP

98304:b/tzC74et9blH8ovXltNq5MbYgxKK1koUlK/o2tjYcJ2g8PYg+zjnAZeTJbRUXBz:7glH823kSkKYcJWYpXAZeVbRUx0+2Rz0

Score

10^/10

Malware Config

Targets

- Target
  
  Aridek shit/SpoofShit1.exe
- Size
  
  664KB
- MD5
  
  35cde0271493c188cfd476da17635f5c
- SHA1
  
  cba29bbebe1944b1c2d98b5eee4dcef36a1f18bc
- SHA256
  
  9f4ce08e8553b1690ffcf43f1d1a98091a8336e4bc4962f341872956b0e04bf7
- SHA512
  
  ba13d8cab4c56040cbae4d054f01207d3cbe25a385728514d37b84bcb0c51d0a278b36807215118a70c01d4ad8b30e62f42385314b415ed1c35061251145c8ed
- SSDEEP
  
  12288:ztzE5elwLz9Trs5inhWX/CmD1KghybW9OJmcqf+FNBkMdjzZprxqdAF:ztA4KdTA5jXbDo+ybW9OJmcqfgNTzTF3
Score

7^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  Aridek shit/SpoofShit2.exe
- Size
  
  1.1MB
- MD5
  
  980ec9e44ba9ad605cfc829108a4b0fd
- SHA1
  
  bbc735e5e8bed45b71ff3c6f53a082b06dad8b60
- SHA256
  
  79e1577798e3c7a0df48ad7ff147a1636baa7a5fc9c5f4a7cbce878ba85ed506
- SHA512
  
  69d6dff6a9ec99343cfc8ce2f1032457b6c884351464c448258247242441e22816fc89990df592837feae7dc760f376d2b16bc0cf46180e17a3ed46a3a247f4e
- SSDEEP
  
  24576:OtA4KdTQiBtg9ddxcj9XUcw72X4bD82EUCmNWi2HZ:PdTP4dxiSNyX2LymWiOZ
Score

7^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  Aridek shit/SpoofShit3.exe
- Size
  
  2.0MB
- MD5
  
  65456cbd4e361f409addd27576c428e9
- SHA1
  
  d41436b4897a99af94acea0dc74ec9a1ecc2ecd4
- SHA256
  
  dffb43586f828825233a655db21e887805b58c008f24aa24012d4992c9b3858f
- SHA512
  
  b0d903aae7aaf52b3c1bf5969c99f7b8a693f76498476583e2c3309c7aad2afd577be59fb4e6b797863177e43f141e17b8381be9ba68088f6c43f26483c50ebb
- SSDEEP
  
  49152:ndTLEJZg/QrotMh3YQgWtIczlAKNUYo3md76vGWDSY:JEv+QrSMh3LRWK3wmdG+6
Score

10^/10

cerber ransomware upx
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops file in System32 directory
behavioral3
- Target
  
  Aridek shit/SpoofShit4.exe
- Size
  
  1.1MB
- MD5
  
  8029a358e207c6bcbbdb3758b1562fef
- SHA1
  
  6327a7b2a38e77a025f21f645b912abcc1c7a80b
- SHA256
  
  a0140e7fd03531cb2185c8ac6501172e42c3cf2f0b26d2415200e0051701d4c6
- SHA512
  
  69ee949643a663e4e24db66a91f0e960c0bd65d89db0dfb7edcd40152fdb913c955d39e522df527dffe7463b778a8f9812345ca1591489c2db33ede266441f56
- SSDEEP
  
  24576:OtA4KdTeDUbJWtenvHxcaFNoAN76B3Q19Voo7znR6pl/xbS:PdTUUbJWwnfxc+SAY+9uo3nR6plJbS
Score

7^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral4
- Target
  
  Aridek shit/kdu-mapper.exe
- Size
  
  1.4MB
- MD5
  
  220da3c39ef91e9eedcc65ff4815276d
- SHA1
  
  3a764f42205c7166618f831168c3cfb20b8f37f6
- SHA256
  
  ad6402f149f2802a71b02c4f6fc6c695624c869b5fe8d7ed212606174230b1f4
- SHA512
  
  d4caa7296d86505dbe36853d3d1d836cb85260bc2c72b368b7a45fb004cef33498b7f1fbe85d5e734a2ed6e6832fa5c9aaef6acb5a67a5f40939d471e6914aaf
- SSDEEP
  
  24576:EtA4KdTJeXSRhoVDNM3DuaXTnAD8J2uQkRQFaJPgHVICI369ZCOtQjHQbGr:ZdTcS/G6iaXrAD8J2ZkRQF7VPI36bCOO
Score

7^/10

upx
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral5
- Target
  
  Aridek shit/pasted_null_driver.sys
- Size
  
  14KB
- MD5
  
  c93b1ea259115689dc4564c42138296f
- SHA1
  
  0ff54eaffb6cbcb080c48fec1a3aeddc4f17a739
- SHA256
  
  29bc8b56cd1750080f4714ac618f1326250e8778b451a84a4f11fd3c0954a6f3
- SHA512
  
  97cf5908d60af19ad4e9377ddcd9df0ce4004226f9d50cebc5340f97bd01fe27667cfcad078345a48074b558702d4328bb8369fa8da5bd5238ddff0235e55073
- SSDEEP
  
  192:3Ackk9PTzTCGibzU9I9mmOC1nSqf+DbFsGPeeQvKv1G+kfjmqdE:3r9PLxcUSEHcnRf+DbmGPl6qqdE
Score

1^/10
behavioral6
- Target
  
  Aridek shit/pasted_spoofer_3.sys
- Size
  
  17KB
- MD5
  
  2ea59d20a2f2f77c3239e82ec3a913cd
- SHA1
  
  6e2aace5f8f941f36bbd4e0f0cc587e1cd36e99d
- SHA256
  
  2013425815fa78cb9240d3960a619a00e758d8e41e5cf9410bddd082b1c859c4
- SHA512
  
  25dac1e951981a461226633539516fea236ab9ed9f3597d6623cdaf984f36502f07c85b9515cc640ed1731f6cb30100183f38a6ac041c5380e90392421c6969f
- SSDEEP
  
  192:fLEPbewH1BVZYewzNZEc+Pb0Z7u6lFgMOcnTK:wPywvyzNmALlFnOce
Score

1^/10
behavioral7
- Target
  
  Aridek shit/spoofer.sys
- Size
  
  8KB
- MD5
  
  c879d2a58aa3fa9f85c5d482fe5c216a
- SHA1
  
  4b79c5419e89e9ce346082e105f79465231d7d23
- SHA256
  
  0aaf411faadaba7419d6fc53a4e8190163619ca502946e8ad98b1e34b5d8188e
- SHA512
  
  c54cac910e28e47493ab289eb78130219a2ad632280c95dcf28ada5e93800b26367a515572efa01f0cf5e5c785b00f98d9b931d9f7776f1cad919e16bfcda49d
- SSDEEP
  
  192:ouJiD/KYvRfX/4b3ssYc8nKe+qn0LFzRh:r9Yebcs5XZ
Score

1^/10
behavioral8

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

T1070

File Deletion

T1070.004

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

T1490

Tasks

Sharing

General

Malware Config

Targets

Executes dropped EXE

UPX packed file

Executes dropped EXE

UPX packed file

Deletes shadow copies

Executes dropped EXE

UPX packed file

Drops file in System32 directory

Executes dropped EXE

UPX packed file

Executes dropped EXE

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8