MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cerber

Vendor detections: 7

Intelligence 7 IOCs YARA File information Comments

SHA256 hash:	deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d
SHA3-384 hash:	349116dd872b0a11ffdd2542c9a72ecb32845ae1bc201721df350d859db73f371a05e07a3d321245a43929506aabfb88
SHA1 hash:	bcb03e9f13d9e9f2134eaaccfc4ca38d2c0ed450
MD5 hash:	b7b926eb09a434d488d16fd6a6ee7211
humanhash:	moon-william-ohio-salami
File name:	deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d
Download:	download sample
Signature	Cerber Create hunting rule
File size:	571'113 bytes
First seen:	2020-11-15 23:21:44 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	4686f9d1c444eda8786fd5ac2387d7b8 (2 x Cerber)
ssdeep	6144:dvskmXumQCyCfo1j6N2UkBqx5RaGWvRkIzSSZFoRcMYT/2cjiB1hQTdPd7rj/LJx:akmFPRxKdGIzpFCctT+8iC
Threatray	4 similar samples on MalwareBazaar
TLSH	DCC4C500D1AEAB1BE363727EE5761398FC4681C0DB4CB5D990729F3BC6A3FA21214957
Reporter	seifreed
Tags:	Cerber

Intelligence

File Origin

# of uploads :

1

# of downloads :

1'968

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Win.Malware.Cerber-9779200-1

Win.Malware.Cerber-9779260-1

Win.Packed.Cerber-9779261-1

Win.Malware.Cerber-9779262-1

Win.Packed.Cerber-9779266-1

Result

Verdict:

Malware

Maliciousness:

Behaviour

Creating a window

Sending a UDP request

Result

Verdict:

MALICIOUS

Details

Windows PE Executable

Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.

Result

Threat name:

Cerber

Detection:

malicious

Classification:

rans.evad

Score:

100 / 100

Link:

https://www.joesandbox.com/analysis/536703

Signature

Antivirus / Scanner detection for submitted sample

Contains functionalty to change the wallpaper

Detected Cerber Ransomware

Detected unpacking (changes PE section rights)

Detected unpacking (creates a PE file in dynamic memory)

Detected unpacking (overwrites its own PE header)

Found Tor onion address

Machine Learning detection for sample

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected Cerber ransomware

Behaviour

Behavior Graph:

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d/

Threat name:

Win32.Ransomware.Cerber

Status:

Malicious

First seen:

2020-11-15 23:26:16 UTC

AV detection:

28 of 29 (96.55%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=32y7twbpmlpu64d6ncxuqdglwns6xvs6xfqgyeoarivwcdzs756q._file

Verdict:

unknown

Similar samples:

1eef5d3f564b8768d3356319fb4bd081b961bfb2fd7fefce3f4dadc80ef534d4

3a78b409416645d654482f0d1eefee670134ca46728275a53e7db1171ee4fbc6

75dd3608de0296ec53cebaf935b7142265799894b4eeea2a7794a059ffc5e3e6

7a61ca0cd624f85a02a3d168764a589593ff19ca4edb41be92f16ffb521ffad1

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/201115-s9zdgxbt5a/

Behaviour

Suspicious use of AdjustPrivilegeToken

Suspicious use of UnmapMainImage

Unpacked files

SH256 hash:

deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d

MD5 hash:

b7b926eb09a434d488d16fd6a6ee7211

SHA1 hash:

bcb03e9f13d9e9f2134eaaccfc4ca38d2c0ed450

Link:

https://www.unpac.me/results/4afc3baf-ecd4-4636-b429-71ff569ec431/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Kryptik

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/deb1f9d82f62df4f707e68af480ccbb365ebd65eb9606c11c08a2b610f32ff7d

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method

Other

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample