cerber | 7530c600f4383c5e3da3633c55acbeff7165284c66d63f76b2fa23f63be98c7c | Triage

Submit
Reports

Overview

overview

Static

static

3

loader3.exe

windows10-ltsc 2021-x64

Sharing

General

Target

Release.7z
Size

4.8MB
Sample

241123-nzxc1atrc1
MD5

8ab1b076aac127baee30a1b7f156dad1
SHA1

106e1526443104c603d6cb7beabbcfab0fed2a42
SHA256

7530c600f4383c5e3da3633c55acbeff7165284c66d63f76b2fa23f63be98c7c
SHA512

60dfa7e542a0ca28b9b0d059d01e31826ca0bf1c81078a7a6f2cd1563a32b2d2b15dbff729f491999255fa97d662e2ed782b10a8f176557cefffa70f8c477361
SSDEEP

98304:g1aZNEgNBT8f/Q6xsvfTUlVJNGZ8270Oh+RlmYgCD6ix0f:eaZNyoF70ViZHfEg3a8

Score

10^/10

cerber discovery persistence ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

loader3.exe

Resource

win10ltsc2021-20241023-en

cerber discovery persistence ransomware

windows10-ltsc 2021-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  loader3.exe
- Size
  
  5.1MB
- MD5
  
  c0eaf986045e7421f9325bd3b0fdf6b3
- SHA1
  
  64e2b75bb9a8a8539ba3429dda7a6c6e9f7afa03
- SHA256
  
  364e54c5fc2da5c8836848d986911c4ceae73c5ed6b0aad325cae8372899f599
- SHA512
  
  b76ceabe07cb4c09bbeff0cb87356b9a68ccce7ddc344ae760ced63558db778ac42427c202f98a301d7a27e44eb769afaf6490fab53605c3a145673079bf5b9e
- SSDEEP
  
  98304:uGCd7m+ij9HD0+jCihNRkl/W6aG/wcKnfu8NUT6KlRPJ:Rx+y4ihkl/Wo/afHPgRB
Score

10^/10

cerber discovery persistence ransomware
- Cerber
  Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
  ransomware cerber
- Cerber family
  cerber
- Drops file in Drivers directory
- Sets service image path in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

cerberdiscoverypersistenceransomware

© 2018-2024

Terms | Privacy