cerber | 2ba3caaba8ddeae1e33ec188c3c4ae322b856b44e0caabeb8909c661c668e6e5 | Triage

Submit
Reports

Overview

overview

Static

static

3

Peki V4.exe

windows11-21h2-x64

Sharing

General

Target

Peki V4.exe
Size

548KB
Sample

240425-v6tzsadb85
MD5

3d3e8bc1bd5265a4f35da0b594d60fbf
SHA1

27ae0bb3399f9178f272258a4a9153d5af6aea56
SHA256

2ba3caaba8ddeae1e33ec188c3c4ae322b856b44e0caabeb8909c661c668e6e5
SHA512

d41707d765f93b0790887a1351c72584356146c1d02e8fd1009739404d34b329d6abb538e1fd9f28161ed0e229a1259460655232676109f081cc14a0022f2b05
SSDEEP

12288:TTPUCQSmbfMcsgJqyE/KWcRTTjyRrh3sb3H:TTPLmrMZ8WcJHyzcrH

Score

10^/10

cerber evasion persistence ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Peki V4.exe

Resource

win11-20240412-en

cerber evasion persistence ransomware spyware stealer

windows11-21h2-x64

32 signatures

600 seconds

Malware Config

Targets

- Target
  
  Peki V4.exe
- Size
  
  548KB
- MD5
  
  3d3e8bc1bd5265a4f35da0b594d60fbf
- SHA1
  
  27ae0bb3399f9178f272258a4a9153d5af6aea56
- SHA256
  
  2ba3caaba8ddeae1e33ec188c3c4ae322b856b44e0caabeb8909c661c668e6e5
- SHA512
  
  d41707d765f93b0790887a1351c72584356146c1d02e8fd1009739404d34b329d6abb538e1fd9f28161ed0e229a1259460655232676109f081cc14a0022f2b05
- SSDEEP
  
  12288:TTPUCQSmbfMcsgJqyE/KWcRTTjyRrh3sb3H:TTPLmrMZ8WcJHyzcrH
Score

10^/10

cerber evasion persistence ransomware spyware stealer
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Nirsoft
- Modifies Installed Components in the registry
  persistence
- Stops running service(s)
  evasion
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Legitimate hosting services abused for malware hosting/C2
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Create or Modify System Process

Windows Service

Defense Evasion

Modify Registry

Impair Defenses

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Web Service

Impact

Service Stop

Resource Development

Reconnaissance

Tasks

static1

behavioral1

cerberevasionpersistenceransomwarespywarestealer

© 2018-2024

Terms | Privacy