Overview

overview

10

Static

static

3

tlxukw.exe

windows7-x64

8

tlxukw.exe

windows10-2004-x64

10

Resubmissions

18-02-2025 15:36

250218-s2ecessphn 8

18-02-2025 13:36

250218-qwfbes1kgj 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tlxukw.bin

  • Size

    1.0MB

  • Sample

    250218-qwfbes1kgj

  • MD5

    82313dfe6f96318d2bad9d09e7da5992

  • SHA1

    ef8a3174da2e86da4360d0b5629eb7fbf7b6e0e0

  • SHA256

    3555b6ac9ca1e6926230398f45510da70f809ce11a15111a33c962af7d9ff5ec

  • SHA512

    dc0fc8c6927fc856c3cd96604ba9891a67903520914c8a67b294f8c048dbc561e377b00fffeed78dc02d7915590b2afa2deec859994f080d46299a0f202a1640

  • SSDEEP

    24576:ky14BInvdGh9DmvJhYRJhKK3mUqDH9BORt7orRnQxhLzhjzrue4D:ky14QU7DmvJ63mVwt7orRnQxhLNjzr8D

Score
10/10
cerberdefense_evasionexecutionpersistenceprivilege_escalationransomware

Malware Config

Targets

    • Target

      tlxukw.bin

    • Size

      1.0MB

    • MD5

      82313dfe6f96318d2bad9d09e7da5992

    • SHA1

      ef8a3174da2e86da4360d0b5629eb7fbf7b6e0e0

    • SHA256

      3555b6ac9ca1e6926230398f45510da70f809ce11a15111a33c962af7d9ff5ec

    • SHA512

      dc0fc8c6927fc856c3cd96604ba9891a67903520914c8a67b294f8c048dbc561e377b00fffeed78dc02d7915590b2afa2deec859994f080d46299a0f202a1640

    • SSDEEP

      24576:ky14BInvdGh9DmvJhYRJhKK3mUqDH9BORt7orRnQxhLzhjzrue4D:ky14QU7DmvJ63mVwt7orRnQxhLNjzr8D

    Score
    10/10
    defense_evasionexecutioncerberpersistenceprivilege_escalationransomware

    • Cerber

      Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

      ransomwarecerber

    • Cerber family

      cerber

    • Downloads MZ/PE file

    • Stops running service(s)

      defense_evasionexecution

    • Executes dropped EXE

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks