cerber | 2166d772e82772104d208ec9bf6ee32f878c0af766b14606eb0861a9947e78d1 | Triage

Submit
Reports

Overview

overview

Static

static

3

temp.exe

windows10-2004-x64

Sharing

General

Target

temp.exe
Size

13.8MB
Sample

241016-qckrss1brg
MD5

7ca7039579e44b8764788ae3d1b92060
SHA1

0aaf9b691b1446ecb5d141318126ec45cc270116
SHA256

2166d772e82772104d208ec9bf6ee32f878c0af766b14606eb0861a9947e78d1
SHA512

99f711f1ae9771886d94e6419590522b916a50e6cfd614c34beb9e04d46cadcb374fc71aeaaec5af681d675e5efd21de159a22407e8bdde9a505ee6383c3943d
SSDEEP

393216:R7Db0jzEGZXIo5IAqBWeDbvFjCPcTB41HHg:RDbNCTJiv9CPKBog

Score

10^/10

cerber discovery persistence privilege_escalation ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

temp.exe

Resource

win10v2004-20241007-en

cerber discovery persistence privilege_escalation ransomware

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  temp.exe
- Size
  
  13.8MB
- MD5
  
  7ca7039579e44b8764788ae3d1b92060
- SHA1
  
  0aaf9b691b1446ecb5d141318126ec45cc270116
- SHA256
  
  2166d772e82772104d208ec9bf6ee32f878c0af766b14606eb0861a9947e78d1
- SHA512
  
  99f711f1ae9771886d94e6419590522b916a50e6cfd614c34beb9e04d46cadcb374fc71aeaaec5af681d675e5efd21de159a22407e8bdde9a505ee6383c3943d
- SSDEEP
  
  393216:R7Db0jzEGZXIo5IAqBWeDbvFjCPcTB41HHg:RDbNCTJiv9CPKBog
Score

10^/10

cerber discovery persistence privilege_escalation ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

Accessibility Features

Privilege Escalation

Event Triggered Execution

Accessibility Features

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

cerberdiscoverypersistenceprivilege_escalationransomware

© 2018-2025

Terms | Privacy