MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Cerber


Vendor detections: 12



SHA256 hash: 772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631
SHA3-384 hash: 0672ddfcfce93afaff5c16a0d0627247fe9635f50642c57fbadf99a19bc0d0d4f70f58de89ac88d7f6e8b9ad0294da93
SHA1 hash: f79ea5b6b14cbbd947585c78c2446becaef803b7
MD5 hash: ae99e6a451bc53830be799379f5c1104
humanhash: nevada-pasta-beer-massachusetts
File name: 772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631.bin
Signature: Cerber
File size: 764'928 bytes
First seen: 2022-01-09 00:02:53 UTC
Last seen: Never
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0e6d8cc31f0d3346e66a38b8a035489 (3 x Cerber)
ssdeep: 12288:n4GTI/cvffub6u4iRFJmVX5h4lij0m+t+OeO+OeNhBBhhBB/quZplAcyOdvo+nwJ:n4y+UXquZf7Zvo+nvAY0D3
Threatray: 1'222 similar samples on MalwareBazaar
TLSH: T1A7F49D32B7D3E173D99224F04D2DA75E2839F82A0B295BE7B3D41B2E4A701D24E3165D
Reporter: Arkbird_SOLG
Tags: Cerber Cerber2021 exe Ransomware

Intelligence


File Origin
# of uploads: 1
# of downloads: 1'143
Origin country: n/a
Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: 772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631
Verdict: Malicious activity
Analysis date: 2021-12-08 08:42:21 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:
Behaviour
Creating a file in the Windows subdirectories
Creating a file
DNS request
Changing a file
Creating synchronization primitives
Running batch commands
Creating a process with a hidden window
Searching for the window
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionGetTickCount
EvasionQueryPerformanceCounter
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: cerber control.exe crypren filecoder greyware lockergoga ransomware shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature
Deletes itself after installation
Found Tor onion address
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph:
Behavior Graph ID: 549677
Sample: TW9GMBxhUP.bin
Startdate: 09/01/2022
Architecture: WINDOWS
Score: 56
Signatures on the sample: Multi AV Scanner detection for submitted file; Found Tor onion address
Process tree:
TW9GMBxhUP.exe (started; signature: Deletes itself after installation)
  cmd.exe (started by TW9GMBxhUP.exe)
    conhost.exe (started by cmd.exe)
    choice.exe (started by cmd.exe)
  cmd.exe (started by TW9GMBxhUP.exe)
    conhost.exe (started by cmd.exe)
  conhost.exe (started by TW9GMBxhUP.exe)
Threat name: Win32.Ransomware.Cerber
Status: Malicious
First seen: 2021-12-05 12:34:25 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 22 of 28 (78.57%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: ransomware spyware stealer
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Reads user/profile data of web browsers
Unpacked files

SHA256 hash: 6c1fba846151c1f61084977d1660e68e76157e7a50d89b5ffd9ddc1ca3eea9db
MD5 hash: 8a0c49216f7841aecd1d9795b6069527
SHA1 hash: e61f672e88592ec224b22eddc76b00b1ddc50fa7

SHA256 hash: ecfa7a56bb748fe3e20ed8f04f0da492532c5d37f7ef4f741cafe6194ddd86d0
MD5 hash: 2a025f058eac425b6c31c42801ce3d2b
SHA1 hash: b04edd2e0572f14b6059463c89daa0165b24930d

SHA256 hash: 07849d62614790f23edb8cfd90e4f4c93032a037768bca482df0780d1a62300c
MD5 hash: d87b2f172a68cdb7404ea1afbd36772a
SHA1 hash: 53114151aa784b87e15091bce4d93cc6935c3378

SHA256 hash: 2118cb740766023eee92f83b9ea355c9717994b1502d515742f3ca1ecc56b5e4
MD5 hash: 9c7cda3bc19f5fa1efa714aeb24d5090
SHA1 hash: 31095816c32bd5dcdcb6f6fb57a56cb3ee3b2b07

SHA256 hash: 772cad26853c7d8ea8f1023f6e3cba219cc9bb1db1cd31ad2b979e59d3d9c631
MD5 hash: ae99e6a451bc53830be799379f5c1104
SHA1 hash: f79ea5b6b14cbbd947585c78c2446becaef803b7
Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments