cerber

Sharing

Copy URL

Twitter E-mail

General

Target

UnBan Guide.rar
Size

1.9MB
Sample

240624-tq4nls1ejf
MD5

24bd3f976dbf9c33b9518f174ea22e4b
SHA1

d488000e7f16beaca5dc31746dac27dc08059815
SHA256

02d3b89a95b85e771778e723adf7d9bba0509047d00f43fc2e9f26188c88a16a
SHA512

ad6d322d51aa6230d7a3942f6c4033e78ca520980b215cb8d6fc2de1dc0ee5a69e0083fa28a84acf9bbf93f0e6bc9183913c4668d7bbf378e49603a8c1d3fef7
SSDEEP

49152:0SJehFcqHZDyXcRiaPbuCt0JdnSRbEU3dnyBUk:lJCFDdyszgKD3dno

Score

10^/10

Malware Config

Targets

- Target
  
  UnBan Guide/step 1/Download Revo Uninstaller.url
- Size
  
  153B
- MD5
  
  b8af8aa3d0d8003e486b3f952bafbaac
- SHA1
  
  d452237651cb4b04ea8ade827cbb3512f69c0f9d
- SHA256
  
  f6db928c42771e18d7795dab63dc991ec8d3dc371e8b4804d467f65ce11c607f
- SHA512
  
  a34972401cca357962507ac28907ad83eac902235f52608b77a1ee005032bbf5f76fbc65a2bead1d5cab85ff867641926a281a0fb3df145282bbd93e8de49b7f
Score

1^/10
behavioral1 behavioral2
- Target
  
  UnBan Guide/step 2/Registry Editor.lnk
- Size
  
  1KB
- MD5
  
  0e2092f136d0e7f155a6c688e34533dc
- SHA1
  
  33f71faf7585c7a4a450b91f794334f200bf15f7
- SHA256
  
  64aa810fa77628dc199f75f54dd764c142b0a479cdb62e24f853a707ca3a2db5
- SHA512
  
  8057d335d66ca0257d7c53b3fd681efbd9123c7c5cb955c1b49cbca243e8550cc5210de9044b4481c311873c28fd79ad79f1d32905b473005584631fe61c4f92
Score

7^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral3 behavioral4
- Target
  
  UnBan Guide/step 2/guid generator.url
- Size
  
  143B
- MD5
  
  dc2726585a60180658c2fb0714e436b8
- SHA1
  
  1568187c8c250ca83340f02d8df4695680a5b0ff
- SHA256
  
  21c4de7b2083d60d3f0d2f38e70d1b2a1e0049279b1ade9ba900a77d2e3a64e4
- SHA512
  
  5c495093a71613bbee9e83ca59155c43263274dd9bb83fb6d456ee4c23ed8e7bb11ea2ade66f1e18c83d33f03771ede3da80c50fc7c97809322487cd650f6ce9
Score

1^/10
behavioral5 behavioral6
- Target
  
  UnBan Guide/step 3/Change Disk IDs.cmd
- Size
  
  1KB
- MD5
  
  6346b33980b7d8946c1f0dba5cbfd7f9
- SHA1
  
  c42c97f649afa4b408d25e003277f89b4cdbe7d8
- SHA256
  
  282932d8caacf613b7167f674a84d320af5b9e253f21c8134c46ce25ff4bb07b
- SHA512
  
  bef23ec08e2e9623a1b8769c509726e36e8d91b23593d59f38a3c7848ea6d07b963728a33ba74cde6da27f1944ca06ed4dd58eed4c7456c0e5c942ae227c2320
Score

1^/10
behavioral7 behavioral8
- Target
  
  UnBan Guide/step 4/Change HWIDs.cmd
- Size
  
  2KB
- MD5
  
  f79a031d21d43d3293a56d6351070c36
- SHA1
  
  b51ec3847bdc77e15bcacdd8b5a0755de9ce0101
- SHA256
  
  74bfdf73031582b1e9431d72fb017a349f279f87d6dddcea63b0eee5c90c3545
- SHA512
  
  fb0bfd1eca976ed91aa45b5cec5f94fbb1fcf9e57634a25c5867ff5287dc14681533cb1467b850d23c9d719c32578d384dd18e3a4049af6aa8863548d724fbd3
Score

1^/10
behavioral10 behavioral9
- Target
  
  UnBan Guide/step 5/CRU.exe
- Size
  
  1.2MB
- MD5
  
  33ddbeafa1ef85263ff2de5f95b271ef
- SHA1
  
  a5736867ac8d2ce41f8600ff32e949c8b1825854
- SHA256
  
  8e151b2a680913f627052e18349fb9a4151c7b9ed7afa13b45df3923f450c8ab
- SHA512
  
  758c5cb44be54693361f7519f1c6d4468fc40b2603a3871c8da85b96b97668aae8850ce4319cac60dde22dd5cbf50121a804233782a4f2db22f6fe30ad41f13e
- SSDEEP
  
  24576:wR63SAdWjAvfArbdNBWQV4sU1FR5HcIT/FVAY+t+QzyTcO:GbdNAbc0o1Ec
Score

1^/10
behavioral11 behavioral12
- Target
  
  UnBan Guide/step 5/ignore/reset-all.exe
- Size
  
  51KB
- MD5
  
  3d47586c62bf61dac639d8cc1bf43ee7
- SHA1
  
  36f605e1fb7cae972c6723ded6a5f126f36a8d01
- SHA256
  
  70639c195430afb92799d711ed784406bfdfd04c648d5f3e4d9873da0063660b
- SHA512
  
  638a75c0159de8553e8071a68b5a4355bfc002489d9ed62bfbb1019d287073a555133bd4a55abd68c51b3e2a1616f586a26998ce32ade322cd72ffeab5ffe105
- SSDEEP
  
  768:Jd0XBRNU+hV81e14G8xGvMhBmqVHhc6ZrLy01fA5Egt2rHNZAEDFn27DQNE5B:b0XbeQ8xG0Kqjc6lLFfSortZBMDu8
Score

1^/10
behavioral13 behavioral14
- Target
  
  UnBan Guide/step 5/ignore/restart.exe
- Size
  
  63KB
- MD5
  
  8242ce426ad462eff02edae1487a6949
- SHA1
  
  9a4f382d427e0de729053535aaa3310cac5f087b
- SHA256
  
  b68ee265308dc9da7dbb521bb71238d27ac50a5ee816f21c13818393be982d7a
- SHA512
  
  aff43a78d29ede49eac386d9b0b44d0f37d5a20bdda8553369d68dec90bbc727c6dd8fe239987a9d2e3affaeff8b72b5023ed973d7aecfbb99de46dca8c99ef1
- SSDEEP
  
  768:xa+/MMnf2XivrjhmxEQSQIjDaGva2XaT+CSxKUAch9Itvo7vq2XFelWn2iED5Vx0:xa0wstmSpDaGS2RCSxK28otXFQwUx
Score

5^/10
- Drops file in System32 directory
behavioral15 behavioral16
- Target
  
  UnBan Guide/step 5/ignore/restart64.exe
- Size
  
  73KB
- MD5
  
  297aa19bade534a791d053ca190b74ad
- SHA1
  
  15cb6a33994f75fe9e30a2afbc8a7e4616b63962
- SHA256
  
  5f779bb822aedaf5bd11693cdf73f6c7c3342f37371a78c07c2aca1e15dbfd00
- SHA512
  
  df883950c598f31b81f22a68b2a9fed7459dcad5084ec6e39399658b0492bcc458d9fc5bb80fda6bc994bed3241f969fc67a0b8e021fb82b040455d64776c625
- SSDEEP
  
  1536:8vXMJl7uRupZzidl/T+Dnx86Rpy4roKsIrryeq3OTM:8vMJl6RAZu/T+7x8qpRM8rNcOTM
Score

5^/10
- Drops file in System32 directory
behavioral17 behavioral18
- Target
  
  UnBan Guide/step 6/1. Spoofer (RUN ME).bat
- Size
  
  3KB
- MD5
  
  f0b3b45759aca115f31f2aa16a942b6d
- SHA1
  
  5b0dbbfee935549167f2c89bdf8877ec61fb403d
- SHA256
  
  48ecb46f509169a6ab5a4c967fa8d9955b026478f3ab124c494b4eca1f79078b
- SHA512
  
  4f2a480c531385da8bf761ebc6c82b82ba9e293e770558c353b931009ba9bf57af184bb5b8de3df23fb1e707c06d431e0ada447c92b04214f5d6c92b3173089d
Score

10^/10

cerber evasion execution ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Stops running service(s)
  evasion execution
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral19 behavioral20
- Target
  
  UnBan Guide/step 6/2. SerialsChecker.bat
- Size
  
  573B
- MD5
  
  6a896cfd61884e9b42f78b270e5c22cf
- SHA1
  
  f228f1b281724015b9460969381af9a1afe06046
- SHA256
  
  5cd676d9bc7e707ad7e8dc48dabf9af733c81d1b836486ff5eb9d44cba788e46
- SHA512
  
  17982e060867e323fe83908b4735f44e5fc8353608c50f3c6e9ee5c3b97643045d764f21eb402b9b3fbee0e19669391b6eab6dc0bf28e92bb1fb4a898a668eb9
Score

1^/10
behavioral21 behavioral22
- Target
  
  UnBan Guide/step 6/AMIDEWINx64.EXE
- Size
  
  451KB
- MD5
  
  f17ecf761e70feb98c7f628857eedfe7
- SHA1
  
  b2c1263c641bdaee8266a05a0afbb455e29e240d
- SHA256
  
  311f5c844746d4270b5b971ccef8d74ddedca873eb45f34a1a55f1ea4a3bafcf
- SHA512
  
  e5a5f56a85ee0a372990914314b750d5f970b5f91e9084621d63378a3a16a6e64904786883cd026d8aa313606c32667d2a83703f8a22fa800230a6467684d084
- SSDEEP
  
  6144:Traq37wODH1cNaej2JMBO+1ObTq45kCNYczkF77TllFBYdHJz6:B7wsAKJMBAFNVkF77Rlz
Score

1^/10
behavioral23 behavioral24
- Target
  
  UnBan Guide/step 6/AMIFLDRV64.SYS
- Size
  
  29KB
- MD5
  
  f22740ba54a400fd2be7690bb204aa08
- SHA1
  
  5812387783d61c6ab5702213bb968590a18065e3
- SHA256
  
  65c26276cadda7a36f8977d1d01120edb5c3418be2317d501761092d5f9916c9
- SHA512
  
  ac1f89736cf348f634b526569b5783118a1a35324f9ce2f2804001e5a04751f8cc21d09bfa1c4803cd14a64152beba868f5ecf119f10fa3ccbe680d2fb481500
- SSDEEP
  
  384:qvOTI5HIPy54ygZOq0HMMKf69JG8QnuOfZFnJtQSZsHLPK6jjMYiWPFRUI5xl9Wn:qvsUoK54ZCMMb9U82uO7Jt6PKg4YHUc+
Score

1^/10
behavioral25 behavioral26
- Target
  
  UnBan Guide/step 6/Cleaner.bat
- Size
  
  6KB
- MD5
  
  86ba1c1072f4aa443fff2127ef7673be
- SHA1
  
  85faeff420ac5d2e98167801ffd2615a620f3b3b
- SHA256
  
  c84c9d99dfa2c138c91a70601ffb7dd31c8274f8f6099fbcb7468d72b0af77a7
- SHA512
  
  a43de29d3020fa3a601031a7ec3ba438725bb55f2b3170adab7599d5b609358df8f04a0c75ac0dc1a6079c6ce694428e8c41f29db6fe3efd22e48075d2e4c8c6
- SSDEEP
  
  96:TBXULDHRRpTd2ZVEERnRlJRhceRCJEykGwkaRMRbmzR51+BRIARS1XMrI:TBkHHjHmVtNNJYJEyZwlyVmzkBjUN
Score

5^/10
- Drops file in System32 directory
behavioral27 behavioral28
- Target
  
  UnBan Guide/step 6/DevManView.exe
- Size
  
  163KB
- MD5
  
  d22ceb6b43f721fe4e892fea6c8990e6
- SHA1
  
  3ad25b431280a0056579aeaacdf687bd8c3aa901
- SHA256
  
  9abdc7cdc19548ada451aee6caabe296957c050062991892e7d9787ff6e0bdef
- SHA512
  
  8c37d941c108172340697887529f3fdc430cdee31d1ff7501d4da7fa21183e8f02832651a99daa30908820b935798ae85e046374e70c1ea4802763edbe47ebc1
- SSDEEP
  
  3072:d4xZZydQqxFMqeq48iiXvK1YY8IkTLuX1VBJsHSnSa7J:Ajrqy8iovKmdulVlt
Score

6^/10
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Maps connected drives based on registry
  Disk information is often read in order to detect sandboxing environments.
behavioral29 behavioral30
- Target
  
  UnBan Guide/step 6/DeviceCleanupCmd.exe
- Size
  
  47KB
- MD5
  
  8eae1aec5f34e4a8e04a60075bcfb0f8
- SHA1
  
  a9af1c4eb6fb61a17a813b3bc788fce10c920007
- SHA256
  
  5ad34a00b0e6d471e4e0684f9ac996aa82cf837735053de0da72c1137c18115d
- SHA512
  
  a7ff2c81eb0cd757885bf767a1dcaef6681180cdabe0d477c680bef77312c25f102964931e8d3708d85cbca92a02b00eb0e35203a25b0ce4a16712e455fc68ff
- SSDEEP
  
  768:X6Vx0C9XkEITNnJGA9fxRmgcfLfD61UgvUuls4VFiRGp9E+sYv:X6v0C9p+NJGATH8LfW1UgvTls4VFioQi
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

T1569

Service Execution

T1569.002

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Drops file in System32 directory

Drops file in System32 directory

Stops running service(s)

Enumerates connected drives

Maps connected drives based on registry

Drops file in System32 directory

Enumerates connected drives

Maps connected drives based on registry

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32