MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 0cd28b912cf4d9898a6f03c4edfd73d1d90faf971ad84b28c6c254408ad7630f. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cerber

Vendor detections: 6

SHA256 hash: 0cd28b912cf4d9898a6f03c4edfd73d1d90faf971ad84b28c6c254408ad7630f
SHA3-384 hash: 9d1ea45003c3fa3bf0206c3d0c2438608ef075b78151a45b212c822ae60ba4574f83cdf2e217678b1ef49c63730db122
SHA1 hash: 6b11d358f1ba10226e7d89c12aeda877301b5ed2
MD5 hash: 9d0cd31eb4f608214fcc73067c345afb
humanhash: four-mockingbird-freddie-carolina
File name: da5c04ec2a6b1004f9bfed11dc44ab2f
Signature: Cerber
File size: 270'640 bytes
First seen: 2020-11-17 15:41:00 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: 7ed0d71376e55d58ab36dc7d3ffda898 (133 x GuLoader, 28 x RemcosRAT, 23 x AgentTesla)
ssdeep: 6144:NB+cP5LZg3SmFzkL2msD2OCNwphRBcxhyCMGvxQQtLhYhak5SYi:NRPWSmlkRLOC0dQyCFqdhak8p
TLSH: BE44122AB6E0C0A3E2F712396D7797E1DFB9D9017518915B23107FBB7A36226CD02349
Reporter: seifreed
Tags: Cerber

Intelligence

File Origin
# of uploads: 1
# of downloads: 1'901
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: Malware
Maliciousness:
Behaviour
Sending a UDP request
Creating a file in the %temp% directory
Creating a file
Searching for the window
Unauthorized injection to a recently created process
Creating a window
Using the Windows Management Instrumentation requests
Changing a file
Reading critical registry keys
Launching a process
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Connecting to a cryptocurrency mining pool
Creating a file in the %AppData% subdirectories
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name: Win32.Ransomware.Cerber
Status: Malicious
First seen: 2020-11-17 15:47:22 UTC
AV detection: 24 of 28 (85.71%)
Threat level: 5/5
Unpacked files
SHA256 hash: 0cd28b912cf4d9898a6f03c4edfd73d1d90faf971ad84b28c6c254408ad7630f
MD5 hash: 9d0cd31eb4f608214fcc73067c345afb
SHA1 hash: 6b11d358f1ba10226e7d89c12aeda877301b5ed2

SHA256 hash: 8387462fe2a20ba572ab0a8dce9772f609e352610be5b22d3e2b8735de7ef637
MD5 hash: 272d8bfaa1fab71f21c981e481eb1946
SHA1 hash: aefbdaceda367cc8c2d19ea6eca4266732810d45
Detections: win_cerber_auto

SHA256 hash: df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
MD5 hash: ca332bb753b0775d5e806e236ddcec55
SHA1 hash: f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Other