General
-
Target
Wolf_Woofer_FREE v3.7.exe
-
Size
1.6MB
-
Sample
250325-ajn5ssysh1
-
MD5
23119593e91f22d4a585f26d0363d968
-
SHA1
83aca1d89f48fcc5537daa2c958cb29411958c6a
-
SHA256
d16a7994d5bb51ea77a2dee74c09cd8ad23d6f812372e17c216c34ba6cf23826
-
SHA512
7002a39052466cf7ff29484d94f5321b8965615efb4f8fe691a829ef48719366f43ea20e1158dff43e9113f22f64b52f48ba6fe57e42a87e3dea8ded31593a7a
-
SSDEEP
49152:ZomiJqMHLl1b1uHIY/NmDDBGs5KGLhUlC2GQvPb:5iJXf8HT/NGDB1/2r
Malware Config
Targets
-
-
Target
Wolf_Woofer_FREE v3.7.exe
-
Size
1.6MB
-
MD5
23119593e91f22d4a585f26d0363d968
-
SHA1
83aca1d89f48fcc5537daa2c958cb29411958c6a
-
SHA256
d16a7994d5bb51ea77a2dee74c09cd8ad23d6f812372e17c216c34ba6cf23826
-
SHA512
7002a39052466cf7ff29484d94f5321b8965615efb4f8fe691a829ef48719366f43ea20e1158dff43e9113f22f64b52f48ba6fe57e42a87e3dea8ded31593a7a
-
SSDEEP
49152:ZomiJqMHLl1b1uHIY/NmDDBGs5KGLhUlC2GQvPb:5iJXf8HT/NGDB1/2r
Score10/10-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Cerber family
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1