General

Target:  LoaderCerberusVIP.rar
Size:    78.7MB
Sample:  241031-xscjpa1jgx
MD5:     d79a22c91816897db66bf1035a1bc585
SHA1:    1bb75f7d7f80aef05f98596b92ba393414b94716
SHA256:  945bf08a9fb25a834da26364960b1d3caeba019b80b7e1f3ce4220b567c85631
SHA512:  48ea0d498b56761254f2e14892d901fcbe718251d6e4bab8d7d7cb8b02c6bc253e5813bc9b621fc30f587b710b6cca45b2399c20028739ab72005f917a10e5ed
SSDEEP:  1572864:OIdVABMBNVHcktVmn6LuhXAoS1LG6L8SrGvaQn+ftGi7KP:Oe7VXtVmnWuclGxSO5+ftGvP
Tasks

Static task:  static1

Behavioral tasks (task, sample, resource):

  behavioral1    1Loader Bypass VIP 3.4.exe   win7-20240903-en
  behavioral2    1Loader Bypass VIP 3.4.exe   win10v2004-20241007-en
  behavioral3    AdbWinApi.dll                win7-20240903-en
  behavioral4    AdbWinApi.dll                win10v2004-20241007-en
  behavioral5    D3DX9_43.dll                 win7-20241010-en
  behavioral6    D3DX9_43.dll                 win10v2004-20241007-en
  behavioral7    msvcp140d.dll                win7-20240903-en
  behavioral8    msvcp140d.dll                win10v2004-20241007-en
  behavioral9    ucrtbased.dll                win10v2004-20241007-en
  behavioral10   vcruntime140_1d.dll          win7-20240903-en
  behavioral11   vcruntime140_1d.dll          win10v2004-20241007-en
  behavioral12   vcruntime140d.dll            win7-20240903-en
  behavioral13   vcruntime140d.dll            win10v2004-20241007-en
Malware Config

Targets

Target:  1Loader Bypass VIP 3.4.exe
Size:    30.6MB
MD5:     a13004e5c12b677cda08b43fa256fdf4
SHA1:    aba4dea9806ae25cb9cfafc52fb863fa161db868
SHA256:  7d64934a49d0947b234084ac1d4c2c6c7bdf5a4c5146f255d5570d8b24ed4aa3
SHA512:  f187f7fe571b5ba47c3ab75de9d797af9ed8c988870d0dcbc165783107b30981457e3708fe89d8ab0b08f18ef8df3d23a064d947d244061f37809f5fc691b0f9
SSDEEP:  786432:k2A6xqW4cLV92MtIeBzj0hlsUBPiB9VlsDioXauEHm+iEtWCwjob:46sW4cV92MtI2vKBPipyDnKuEHzWH0b

Signatures:
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
    BIOS information is often read in order to detect sandboxing environments.
  - AutoIT Executable
    AutoIT scripts compiled to PE executables.
  - Suspicious use of NtSetInformationThreadHideFromDebugger
Target:  AdbWinApi.dll
Size:    104KB
MD5:     3087f2106433219a76510241bff024b3
SHA1:    2cd243dcc5158b7e17df3b8f9c901ab8e8ee3512
SHA256:  74df4d288dcd7bae1f5ebe7d60236fc4b7b16d3959e1041321880e0ac405b19e
SHA512:  f652436d0d5550801e91958e8e68afc8bf9074fdbaed856b6f8440932ee801304b9aed5b9ab47a4434e3970108c9e84fac1a15fa64aacec71c29008ff4c0dde0
SSDEEP:  1536:apCxybY0FS6MqS6WvgD9xj03TabrFvY5J6sCGtdjk:apo0k6ZWVTaif6sCGX4
Score:   3/10
Target:  D3DX9_43.dll
Size:    2.3MB
MD5:     7160fc226391c0b50c85571fa1a546e5
SHA1:    2bf450850a522a09e8d1ce0f1e443d86d934f4ad
SHA256:  84b900dbd7fa978d6e0caee26fc54f2f61d92c9c75d10b35f00e3e82cd1d67b4
SHA512:  dfab0eaab8c40fb80369e150cd36ff2224f3a6baf713044f47182961cd501fe4222007f9a93753ac757f64513c707c68a5cf4ae914e23fecaa4656a68df8349b
SSDEEP:  49152:dbCJsk4VlPXA+15Om5wxw9Qsi55K+31BhZ64nW:YIIBnW
Score:   1/10
Target:  msvcp140d.dll
Size:    977KB
MD5:     37dc8cc78ecbcd12f27e665b70baefa7
SHA1:    46fb9910cc10c4c0c52b547700e1950ce233be89
SHA256:  b53add5b7bd6bb11fecc7be159885d0b75736d02423c11edc6eeb6f4bea80f6c
SHA512:  078b0b408510c07eac85518f03a9e3fac8e4c8e2e36ccb8cd26962498c7f5bedbd79f7034af3ebfef9984f85d81c9032446b1b5c156b2174a769657ea0ab60a1
SSDEEP:  24576:NWJjEJM48ZDBXci9fHQEKZm+jWodEEw9N2:NWJjd48rJw
Score:   1/10
Target:  ucrtbased.dll
Size:    1.7MB
MD5:     c3130cfb00549a5a92da60e7f79f5fc9
SHA1:    56c2e8fb1af609525b0f732bb67b806bddab3752
SHA256:  eee42eabc546e5aa760f8df7105fcf505abffcb9ec4bf54398436303e407a3f8
SHA512:  29bab5b441484bdfac9ec21cd4f0f7454af05bfd7d77f7d4662aeaeaa0d3e25439d52aa341958e7896701546b4a607d3c7a32715386c78b746dfae8529a70748
SSDEEP:  24576:JUV0C8E3W4JoceLErS6P0qoc6uoPrT5PgVBHmaw+zrGOzli7Gi0m9ZRXyYk:i8/B90ozghlGJ7js
Score:   1/10
Target:  vcruntime140_1d.dll
Size:    58KB
MD5:     868fd5f1ab2d50204c6b046fe172d4b8
SHA1:    f2b43652ef62cba5f6f04f32f16b6b89819bc978
SHA256:  104e5817ece4831e9989d8937c8dfe55d581db6b5bc8e22a1b492ca872eda70e
SHA512:  402a0402b318539f26eac2fcd890700d2103f8eabd4b5289b64e2cdb5c30f4bb2b18f342c8a1ecc2cafb3f1d4258387a5300f9a86056f27b176b3fe995f9fc9d
SSDEEP:  768:BoKFGMoBcNmO1Um5Y/tHvzvlurMiqWJ8XAG:+KcM3m05IHT+nyl
Score:   1/10
Target:  vcruntime140d.dll
Size:    128KB
MD5:     f57fb935a9a76e151229f547c2204bba
SHA1:    4021b804469816c3136b40c4ceb44c8d60ed15f5
SHA256:  a77277af540d411ae33d371cc6f54d7b0a1937e0c14db7666d32c22fc5dca9c0
SHA512:  cd9fc3fc460eba6a1b9f984b794940d28705ecb738df8595c2341abe4347141db14a9ff637c9f902e8742f5c48bbb61da7d5e231cc5b2bad2e8746c5a3e3e6ed
SSDEEP:  1536:QB6NlnzaWMj6FBknM+eHLEQE9gHAWdwfP5sd4Sohg7vMHvqZecb399R0BqZEBFP:QBYl5MOcM1HAb1wM0ecb39/0BqZEjP
Score:   1/10