MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cerber

Vendor detections: 13

Intelligence 13 IOCs YARA File information Comments

SHA256 hash:	078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7
SHA3-384 hash:	3f5a88d4fdb2396783c656d50d3acf9f722eb772bdba233708e705a7fc7fc6c2f7c6ff1c3c62663c1b23a2100584b3ea
SHA1 hash:	9751d0f4df34bdfa97b380dbf2f082d8171bb0d4
MD5 hash:	1663e8b6180030793b432b0829222536
humanhash:	finch-island-pennsylvania-vermont
File name:	078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7.bin
Download:	download sample
Signature	Cerber Create hunting rule
File size:	772'096 bytes
First seen:	2022-01-08 23:02:56 UTC
Last seen:	2022-01-09 00:47:31 UTC
File type:	exe
MIME type:	application/x-dosexec
imphash	7356353e737f66f09abf3c6b64e34146 (1 x Cerber)
ssdeep	12288:7tG9VAdkXKy900ZW9Fiwv+OeO+OeNhBBhhBBNaJqE6/Ix0fpL0qZ+WJEglNsTVZF:c9unCaJq5AafpL9+JsWF
Threatray	3 similar samples on MalwareBazaar
TLSH	T13DF49D32B7D3E273DA5224F04D6D664E6439F4260B255BE7F7D80B2E8E305D10E316AA
Reporter	Arkbird_SOLG
Tags:	Cerber Cerber2021 exe Ransomware

Intelligence

File Origin

# of uploads :

# of downloads :

1'175

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7.bin

Verdict:

Malicious activity

Analysis date:

2022-01-08 23:05:09 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/818a91b9-9137-4a33-ad05-904fbd99006c

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

Locked

Link:

https://www.capesandbox.com/analysis/217858/

Detection(s):

SecuriteInfo.com.Heur.Ransom.RTH.1.13737.6444.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Searching for the window

Creating a file

Creating a file in the Windows subdirectories

Changing a file

Deleting a recently created file

Modifying an executable file

DNS request

Creating a file in the mass storage device

Encrypting user's files

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/3881/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionQueryPerformanceCounter

EvasionGetTickCount

CheckCmdLine

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

avaddon control.exe filecoder greyware lockergoga ransomware shell32.dll

Link:

https://www.filescan.io/uploads/61da182a02e388f9fdb8133a/reports/216e3554-ae69-4fe8-9bf1-2f143a51967b/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cerber 2021

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/31b83478-d9cb-44c1-933b-e347fbb7d57f

Result

Threat name:

Cerber

Detection:

malicious

Classification:

rans.evad

Score:

68 / 100

Link:

https://www.joesandbox.com/analysis/917197

Signature

Creates files in the recycle bin to hide itself

Found Tor onion address

Multi AV Scanner detection for submitted file

Writes many files with high entropy

Yara detected Cerber ransomware

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7/

Threat name:

Win32.Ransomware.LockerGoga

Status:

Malicious

First seen:

2022-01-05 20:34:37 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

24 of 43 (55.81%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=a6g6puaz6xy6krvkfgxxci3ehpjfana264kqnzrfnx7or4sfuktq._file

Verdict:

malicious

Cerber

d46c959ad4533ab052f2886a2f87b804968b82403df06b2cd86d8eb19c8054fd

Cerber

eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86

Cerber

Result

Malware family:

n/a

Score:

10/10

Tags:

ransomware spyware stealer

Link:

https://tria.ge/reports/220108-21nzxadfhm/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Drops file in Program Files directory

Drops desktop.ini file(s)

Deletes itself

Drops startup file

Reads user/profile data of web browsers

Modifies extensions of user files

Unpacked files

SH256 hash:

078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7

MD5 hash:

1663e8b6180030793b432b0829222536

SHA1 hash:

9751d0f4df34bdfa97b380dbf2f082d8171bb0d4

Link:

https://www.unpac.me/results/6d2abf21-5961-4561-9990-645adf4e3af3/

Verdict:

Malicious

Link:

https://www.vmray.com/analyses/078de7d019f5/report/overview.html

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/078de7d019f5f1e546aa29af7123643bd250341af71506e6256dfee8f245a2a7

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/217858/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample