cerber | a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

tXauTiJr.exe

windows10-2004-x64

tXauTiJr.exe

windows11-21h2-x64

Sharing

General

Target

tXauTiJr.exe
Size

521KB
Sample

240903-hymvaa1alj
MD5

464c348f1bdf66a75c6b0d51256e916c
SHA1

fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27
SHA256

a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85
SHA512

cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233
SSDEEP

6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3

Score

10^/10

cerber defense_evasion ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

tXauTiJr.exe

Resource

win10v2004-20240802-en

cerber defense_evasion ransomware

windows10-2004-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

tXauTiJr.exe

Resource

win11-20240802-en

cerber defense_evasion ransomware

windows11-21h2-x64

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  tXauTiJr.exe
- Size
  
  521KB
- MD5
  
  464c348f1bdf66a75c6b0d51256e916c
- SHA1
  
  fa7f683e451ab0a0c6c18a4dde7b9bbdde72ff27
- SHA256
  
  a58b1f94ba24a2d7f06c2b7a9840243c4e1b75b1b580cf1ce4c5d9af69cedc85
- SHA512
  
  cb07284fd3d33eef29f761fd0d044a9143b9e934eff49a625290c4da23580c1b0bb1f4cd9d5e574c698fbf791d13aa476be2a550baebb4f925ef019015710233
- SSDEEP
  
  6144:8a/Z+6VHFnEXbw2Y3h3NWqU/xdwpN8T4LUEDW9VXnHFudT7coWspLaIZ1ZT:8a/h8w2UNiX0gEOpnHFutV5n3
Score

10^/10

cerber defense_evasion ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cerberdefense_evasionransomware

behavioral2

cerberdefense_evasionransomware

© 2018-2025

Terms | Privacy