MalwareBazaar Database
You are currently viewing the MalwareBazaar entry for SHA256 96e4b1a3d225d6a3a49b89d3a4a0f2095e5e667ecc2168fc91fbc1612fdfab1b. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.
Database Entry
Cerber
Vendor detections: 7
| SHA256 hash: | 96e4b1a3d225d6a3a49b89d3a4a0f2095e5e667ecc2168fc91fbc1612fdfab1b |
|---|---|
| SHA3-384 hash: | fa6e3f72006dacc1b1587c42094cd4db9bc5926463af9c0338ae17deab22750431a1dc474ee5550f43057c01a558a406 |
| SHA1 hash: | 6ebbdefade378422c35436eace8b0c7e5b75ea13 |
| MD5 hash: | da5c04ec2a6b1004f9bfed11dc44ab2f |
| humanhash: | twelve-nevada-idaho-mike |
| File name: | 96e4b1a3d225d6a3a49b89d3a4a0f2095e5e667ecc2168fc91fbc1612fdfab1b |
| Download: | download sample |
| Signature | Cerber |
| File size: | 270'640 bytes |
| First seen: | 2020-11-11 11:02:02 UTC |
| Last seen: | Never |
| File type: |  exe |
| MIME type: | application/x-dosexec |
| imphash | 7ed0d71376e55d58ab36dc7d3ffda898 (133 x GuLoader, 28 x RemcosRAT, 23 x AgentTesla) |
| ssdeep | 6144:cd+ROT/eK3SmFzkL2msD2OCNwphRBcxhyCMGvxQQtLhYhak5SYi:c8OjSmlkRLOC0dQyCFqdhak8p |
| TLSH | 8B44122AB6E0C093E2B712396D7797F1DFB9D9017508815B2310BFBB7A3A226CD01349 |
| Reporter |  seifreed |
| Tags: | Cerber |
Intelligence
File Origin
# of uploads :
1
# of downloads :
1'813
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
Result
Verdict:
Malware
Maliciousness:
Behaviour
Creating a file in the %temp% directory
Creating a file
Searching for the window
Unauthorized injection to a recently created process
Creating a window
Sending a UDP request
Using the Windows Management Instrumentation requests
Changing a file
Reading critical registry keys
Launching a process
DNS request
Sending an HTTP GET request
Sending a custom TCP request
Connecting to a cryptocurrency mining pool
Creating a file in the %AppData% subdirectories
Creating a file in the mass storage device
Stealing user critical data
Encrypting user's files
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Threat name:
Win32.Ransomware.Cerber
Status:
Malicious
First seen:
2020-11-11 11:03:24 UTC
AV detection:
25 of 29 (86.21%)
Threat level:
5/5
Detection(s):
Suspicious file
Result
Malware family:
cerber
Score:
10/10
Tags:
family:cerber ransomware
Behaviour
Kills process with taskkill
Modifies Internet Explorer settings
Modifies system certificate store
Runs ping.exe
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Modifies registry class
Drops file in Program Files directory
Drops file in Windows directory
Sets desktop wallpaper using registry
Suspicious use of SetThreadContext
Deletes itself
Loads dropped DLL
Drops startup file
Blacklisted process makes network request
Cerber
Unpacked files
SH256 hash:
96e4b1a3d225d6a3a49b89d3a4a0f2095e5e667ecc2168fc91fbc1612fdfab1b
MD5 hash:
da5c04ec2a6b1004f9bfed11dc44ab2f
SHA1 hash:
6ebbdefade378422c35436eace8b0c7e5b75ea13
SH256 hash:
8387462fe2a20ba572ab0a8dce9772f609e352610be5b22d3e2b8735de7ef637
MD5 hash:
272d8bfaa1fab71f21c981e481eb1946
SHA1 hash:
aefbdaceda367cc8c2d19ea6eca4266732810d45
Detections:
win_cerber_auto
SH256 hash:
df5ae79fa558dc7af244ec6e53939563b966e7dbd8867e114e928678dbd56e5d
MD5 hash:
ca332bb753b0775d5e806e236ddcec55
SHA1 hash:
f35ef76592f20850baef2ebbd3c9a2cfb5ad8d8f
Please note that we are no longer able to provide a coverage score for Virus Total.
File information
The table below shows additional information about this malware sample such as delivery method and external references.
Delivery method
Other
Comments
Login required
You need to login to in order to write a comment. Login with your abuse.ch account.