Overview

overview

10

Static

static

9

2m9EebzOkb...Hn.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2m9EebzOkbHURokfcBMtam2Hn.exe

  • Size

    7.4MB

  • Sample

    250131-sz2pyazjh1

  • MD5

    e0bb58d5850258392975b0e37001d00b

  • SHA1

    85552711e0b75d3d11db9d67108462c16d25976a

  • SHA256

    01a7f0b5b9e7da691d83e7c37b2e6a3803a5f1afe844cabcf1f2f793d7e69a66

  • SHA512

    236ed37759edd5b031a50eef3fb0998fdc02aab9bd76044a27c31daaf3cd89e6e30d2c8e6427493feb618c5d0ee22db09a2a767a457841fdb1a0cffd71590848

  • SSDEEP

    98304:SQUB/62k9Z8Lh7Pd8zSwyNY/Usnahy84YDzKrxXtYF1I42wq/HHv/dt6p:SQI/61ZSBuKYcsnahiU+Do121nv/dwp

Score
10/10
cerberdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationransomwarespywarestealer

Malware Config

Targets

    • Target

      2m9EebzOkbHURokfcBMtam2Hn.exe

    • Size

      7.4MB

    • MD5

      e0bb58d5850258392975b0e37001d00b

    • SHA1

      85552711e0b75d3d11db9d67108462c16d25976a

    • SHA256

      01a7f0b5b9e7da691d83e7c37b2e6a3803a5f1afe844cabcf1f2f793d7e69a66

    • SHA512

      236ed37759edd5b031a50eef3fb0998fdc02aab9bd76044a27c31daaf3cd89e6e30d2c8e6427493feb618c5d0ee22db09a2a767a457841fdb1a0cffd71590848

    • SSDEEP

      98304:SQUB/62k9Z8Lh7Pd8zSwyNY/Usnahy84YDzKrxXtYF1I42wq/HHv/dt6p:SQI/61ZSBuKYcsnahiU+Do121nv/dwp

    Score
    10/10
    cerberdefense_evasiondiscoveryexecutionpersistenceprivilege_escalationransomwarespywarestealer

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

      ransomwarecerber

    • Cerber family

      cerber

    • Sets service image path in registry

      persistence

    • Stops running service(s)

      defense_evasionexecution

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

System Services

1
T1569

Service Execution

1
T1569.002

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Create or Modify System Process

1
T1543

Windows Service

1
T1543.003

Event Triggered Execution

1
T1546

Netsh Helper DLL

1
T1546.007

Defense Evasion

Impair Defenses

1
T1562

Modify Registry

3
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

2
T1082

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Service Stop

1
T1489

Tasks