General
-
Target
https://github.com/paysonism/FN-TOOLZ/blob/main/applecleaner.exe
-
Sample
250122-wfb7qaxpfv
Score
10/10
Malware Config
Targets
-
-
Target
https://github.com/paysonism/FN-TOOLZ/blob/main/applecleaner.exe
Score10/10-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Cerber family
-
Disables service(s)
-
Server Software Component: Terminal Services DLL
-
Stops running service(s)
-
Event Triggered Execution: Component Object Model Hijacking
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE
-
Legitimate hosting services abused for malware hosting/C2
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Component Object Model Hijacking
1Server Software Component
1Terminal Services DLL
1Privilege Escalation
Create or Modify System Process
2Windows Service
2Event Triggered Execution
1Component Object Model Hijacking
1