MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


Cerber


Vendor detections: 10


Intelligence 10 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d
SHA3-384 hash: 2dd3b4f350bd877b5b8583287d12071603bcd7460310b1716a69dde2266dcc7f9db6cc21767bc0f425fee5da44562b9a
SHA1 hash: 971e1153d357f310900e817dfb562ed1d86b4db9
MD5 hash: ee2c437ba152db9eca9ef065a36d204a
humanhash: fanta-mango-edward-tennessee
File name:242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d
Download: download sample
Signature Cerber
Create hunting rule
File size:274'361 bytes
First seen:2020-11-15 23:15:18 UTC
Last seen:Never
File type:Executable exe
MIME type:application/x-dosexec
imphash 4ea4df5d94204fc550be1874e1b77ea7 (241 x GuLoader, 29 x RemcosRAT, 17 x VIPKeylogger)
ssdeep 6144:VUKBgb9eIdgIUCCpIOtiXbhmkUZfKtJzzlCnTPsrV:VDEdgoCq+WD8iJzsPsrV
Threatray 11 similar samples on MalwareBazaar
TLSH 7C441224B7C0821BDA764EB19E3AA3531EB3F9181870D7171750AFAE3D21192491E7FB
Reporter seifreed
Tags:Cerber

Intelligence

File Origin
# of uploads :
1
# of downloads :
1'845
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
PUA.Win.Adware.Browserio-6725861-0
Create hunting rule

Result
Verdict:
Malware
Maliciousness:

Behaviour
Searching for the window
Unauthorized injection to a recently created process
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Changing a file
Reading critical registry keys
Launching a process
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Connecting to a cryptocurrency mining pool
Creating a file in the %AppData% subdirectories
Creating a file in the %temp% directory
Creating a file
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name:
Cerber
Create hunting rule
Detection:
malicious
Classification:
rans.troj.evad
Score:
100 / 100
Link:
https://www.joesandbox.com/analysis/537109
Signature
Antivirus / Scanner detection for submitted sample
Contains functionalty to change the wallpaper
Detected Cerber Ransomware
Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found Tor onion address
Machine Learning detection for sample
Maps a DLL or memory area into another process
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Uses ping.exe to check the status of other devices and networks
Uses ping.exe to sleep
Yara detected Cerber ransomware
Behaviour
Behavior Graph:
Download SVG
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d/
Threat name:
Win32.Ransomware.Cerber
Create hunting rule
Status:
Malicious
First seen:
2020-11-15 23:17:54 UTC
AV detection:
24 of 29 (82.76%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=eqqyd7budfiunclm7gnb2n4wxckilmx2gzubel2dbleba4zassgq._file
Verdict:
malicious
Similar samples:
1eef5d3f564b8768d3356319fb4bd081b961bfb2fd7fefce3f4dadc80ef534d4
Cerber
21043cb4d201a6a5daf06ff34f703d6e306da8ff14aaf1b0880bcd79bf5833a7
Cerber
3a7e74f0ecf5c9b44add16fceb394def8a7789334906a710e476e7f361cd38c2
Cerber
6b9693bfc7e7b3d26bafb65e7368c091e874fc8b05ca202076fd3ee3c2e9550a
Cerber
726f87f336b6d8257d564bf27f2f8fd22ee3a9a6da2e2a2103fe764a5e8af04d
Cerber
75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6
Cerber
7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1
Cerber
7d4feff258cc047570614cc192706671e30cfa8fb81f23356f6c2c794ca4e68c
Cerber
a71db9bee94bb26348cf911d8aae34e84cdf94317ce65e1bd749391125ffaade
Cerber
eec41a3e29e670a2590f9e37a8e1640853dd92aa70e00661c9e047b61273757d
Cerber
+ 1 additional samples on MalwareBazaar
Result
Malware family:
cerber
Create hunting rule
Score:
  10/10
Tags:
family:cerber ransomware
Link:
https://tria.ge/reports/201115-17erd6q24x/
Behaviour
Kills process with taskkill
Modifies Internet Explorer settings
Modifies system certificate store
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Drops file in Program Files directory
Drops file in Windows directory
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Deletes itself
Loads dropped DLL
Drops startup file
Blacklisted process makes network request
Cerber
Unpacked files
SH256 hash:
242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d
MD5 hash:
ee2c437ba152db9eca9ef065a36d204a
SHA1 hash:
971e1153d357f310900e817dfb562ed1d86b4db9
Link:
https://www.unpac.me/results/f8cbc398-aff6-4ad6-9941-1c12cb3a26a3/
SH256 hash:
2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
MD5 hash:
a4dd044bcd94e9b3370ccf095b31f896
SHA1 hash:
17c78201323ab2095bc53184aa8267c9187d5173
Link:
https://www.unpac.me/results/f8cbc398-aff6-4ad6-9941-1c12cb3a26a3/
SH256 hash:
067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
MD5 hash:
0d45588070cf728359055f776af16ec4
SHA1 hash:
c4375ceb2883dee74632e81addbfa4e8b0c6d84a
Link:
https://www.unpac.me/results/f8cbc398-aff6-4ad6-9941-1c12cb3a26a3/
SH256 hash:
9d4dcb111b52289f3b005a6ae02de2b2ef66bbe0b761d009a59bf470e95ed7ae
MD5 hash:
7583254ceddf4c35b2ba3acaabecce8b
SHA1 hash:
edaca4bdf6a3793e2390d56d73b3ddf53672e2ee
Link:
https://www.unpac.me/results/f8cbc398-aff6-4ad6-9941-1c12cb3a26a3/
SH256 hash:
27fd2116356ea5f8652904cd99fc003530aac3b76389ef203ae13d2ba5be918d
MD5 hash:
0d4f77a3a12c3407f321e120980b04ea
SHA1 hash:
f04e31cd1d21409b26def740e947c456981ec0d8
Detections:
win_cerber_auto
Create hunting rule
Link:
https://www.unpac.me/results/f8cbc398-aff6-4ad6-9941-1c12cb3a26a3/
Parent samples :
446a7327773eff4c2cbd0ded843603517e1f06ae2dcc194d0fa525de5f3d98af
d98f9c981da1fa1dfba351472d8eec3ab2adf6b2b58b1c4ec42ac8204fbfb45a
242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d
3bb5725f06379a042e81b51ef32617f5ea8e02ef2c5bab4ae602bc3bd181c972
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/242181fc34195146896cf99a1d3796b89485b2fa3668122f430ac8107320948d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

  
Delivery method
Other

Comments