MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cerber

Vendor detections: 12

Intelligence 12 IOCs YARA File information Comments

SHA256 hash:	84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973
SHA3-384 hash:	a7d9c89e87ed596c5e9f1e99f782e0656248d468a158badc25b54e63f8f4e5ab7573882280b4d3b2bd66b0a0a938e236
SHA1 hash:	6974541162a224e4133f48f1b62d0bcd2fbfdc00
MD5 hash:	8d66cf380409304c9433c401a2e0cd94
humanhash:	foxtrot-black-diet-missouri
File name:	84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973.bin
Download:	download sample
Signature	Cerber Create hunting rule
File size:	764'928 bytes
First seen:	2022-01-09 00:03:10 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	d0e6d8cc31f0d3346e66a38b8a035489 (3 x Cerber)
ssdeep	12288:n4GTI/cvffub6u4iRFJmVX5h4lij0m+t+OeO+OeNhBBhhBB/quZplAcyOdvo+nwJ:n4y+UXquZf7Zvo+nvAY0D3
Threatray	1'234 similar samples on MalwareBazaar
TLSH	T138F49D32B7D3E173D99224F04D2DA75E2839F82A0B295BE7B3D41B2E4A701D24E3165D
Reporter	Arkbird_SOLG
Tags:	Cerber Cerber2021 exe Ransomware

Intelligence

File Origin

# of uploads :

# of downloads :

1'270

Origin country :

n/a

Vendor Threat Intelligence

Malware family:

n/a

ID:

File name:

84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973.bin

Verdict:

Malicious activity

Analysis date:

2022-01-09 00:05:40 UTC

Tags:

n/a

Link:

https://app.any.run/tasks/86b86da8-fff0-4b8b-9b8f-c9659cc07df0

Note:

ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/217861/

Detection(s):

SecuriteInfo.com.Trojan.Encoder.34693.18936.20543.UNOFFICIAL

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a file in the Windows subdirectories

Creating a file

DNS request

Changing a file

Сreating synchronization primitives

Running batch commands

Creating a process with a hidden window

Searching for the window

Sending a custom TCP request

Result

Malware family:

n/a

Score:

8/10

Tags:

n/a

Link:

https://dragonfly.certego.net/analysis/3884/overview

Behaviour

MalwareBazaar

MeasuringTime

SystemUptime

EvasionGetTickCount

CheckCmdLine

EvasionQueryPerformanceCounter

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

control.exe greyware shell32.dll

Link:

https://www.filescan.io/uploads/61da26761c0d769df9d9e4fb/reports/6f96011f-07f1-4765-87fc-57508961f1f7/overview

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Malware family:

Cerber 2021

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/836342f5-e3ac-4d1f-a230-22d9928d28fe

Result

Threat name:

Cerber

Detection:

malicious

Classification:

rans.evad

Score:

64 / 100

Link:

https://www.joesandbox.com/analysis/917200

Signature

Deletes itself after installation

Found Tor onion address

Multi AV Scanner detection for submitted file

Yara detected Cerber ransomware

Behaviour

Behavior Graph:

Download SVG

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973/

Threat name:

Win32.Ransomware.Cerber

Status:

Malicious

First seen:

2021-12-21 02:00:00 UTC

AV detection:

23 of 28 (82.14%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=qtf77oclpsoo26nvch4cufkbjwjafk3ii6o74rgoy63ul3is7fzq._file

Verdict:

malicious

Result

Malware family:

n/a

Score:

10/10

Tags:

ransomware spyware stealer

Link:

https://tria.ge/reports/220109-acl2vsdgak/

Behaviour

Suspicious use of WriteProcessMemory

Enumerates physical storage devices

Deletes itself

Reads user/profile data of web browsers

Unpacked files

SH256 hash:

6c1fba846151c1f61084977d1660e68e76157e7a50d89b5ffd9ddc1ca3eea9db

MD5 hash:

8a0c49216f7841aecd1d9795b6069527

SHA1 hash:

e61f672e88592ec224b22eddc76b00b1ddc50fa7

Link:

https://www.unpac.me/results/2377ec29-5da6-4d5e-b341-8e2c2df458f9/

SH256 hash:

ecfa7a56bb748fe3e20ed8f04f0da492532c5d37f7ef4f741cafe6194ddd86d0

MD5 hash:

2a025f058eac425b6c31c42801ce3d2b

SHA1 hash:

b04edd2e0572f14b6059463c89daa0165b24930d

Link:

https://www.unpac.me/results/2377ec29-5da6-4d5e-b341-8e2c2df458f9/

SH256 hash:

07849d62614790f23edb8cfd90e4f4c93032a037768bca482df0780d1a62300c

MD5 hash:

d87b2f172a68cdb7404ea1afbd36772a

SHA1 hash:

53114151aa784b87e15091bce4d93cc6935c3378

Link:

https://www.unpac.me/results/2377ec29-5da6-4d5e-b341-8e2c2df458f9/

SH256 hash:

2118cb740766023eee92f83b9ea355c9717994b1502d515742f3ca1ecc56b5e4

MD5 hash:

9c7cda3bc19f5fa1efa714aeb24d5090

SHA1 hash:

31095816c32bd5dcdcb6f6fb57a56cb3ee3b2b07

Link:

https://www.unpac.me/results/2377ec29-5da6-4d5e-b341-8e2c2df458f9/

SH256 hash:

84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973

MD5 hash:

8d66cf380409304c9433c401a2e0cd94

SHA1 hash:

6974541162a224e4133f48f1b62d0bcd2fbfdc00

Link:

https://www.unpac.me/results/2377ec29-5da6-4d5e-b341-8e2c2df458f9/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/84cbffb84b7c9ced79b511f82a15414d9202ab68479dfe44cec7b745ed12f973

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/217861/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample