cerber | 22f86114e96d76269950437cdfc739f306212e056f3074a7eadca2249a453554 | Triage

Submit
Reports

Overview

overview

Static

static

3

loader2.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Release.7z
Size

4.8MB
Sample

241123-nl7a2szqap
MD5

77b34b182584513749190192ae656255
SHA1

5d329686875aad8e604607279483ae1c14551457
SHA256

22f86114e96d76269950437cdfc739f306212e056f3074a7eadca2249a453554
SHA512

350f6592507f121563d94c47b7545a47f4c924c00ba7b7e3f26015cb097139fdc961e902574e307a25cbc80f5dff6ec04bb2837266e1fa225c922ff153f0e061
SSDEEP

98304:2UL/BN3T5I/luxBcfep8HEG28ei7Mh/GM6nyowiNa:bJNqtD2p8T2iAhEwiNa

Score

10^/10

cerber discovery persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

loader2.exe

Resource

win10ltsc2021-20241023-en

cerber discovery persistence ransomware

windows10-ltsc 2021-x64

14 signatures

150 seconds

Malware Config

Targets

- Target
  
  loader2.exe
- Size
  
  5.1MB
- MD5
  
  6ea0593fab4395417d480dbc64ddf47a
- SHA1
  
  34ba288ee9b8edca1b1f1ae0a19c9c61cf772384
- SHA256
  
  339799c1d7542cd04c572ba78d4e847b96333f5bf1435686e5f377b219448b79
- SHA512
  
  c5f7957a4366053b673d7b17ddbb52173b57110668913b9a0e64702cc50f4159070aaa79cd23a4f480091625f77d90718a85ba393380f219910652a2d21fd5c3
- SSDEEP
  
  98304:cGCd7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6KlRPJ:fx+y4ihkl/Wo/afHPgRB
Score

10^/10

cerber discovery persistence ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Cerber family
  cerber
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cerberdiscoverypersistenceransomware

© 2018-2024

Terms | Privacy