MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Cerber

Vendor detections: 12



SHA256 hash: eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86
SHA3-384 hash: 4f5b311aef6eccc1fcf278f74b22f13542fe9710fab21a8de79ecfc337de35ff293c96cb1248859ed9faa3ee4d37559b
SHA1 hash: a42413c50f56e92ccba47f62eea44bb9542199d8
MD5 hash: df4e5c6775c14e72fa41bce9b91755f8
humanhash: michigan-september-stairway-purple
File name: eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86.bin
Signature: Cerber
File size: 764'928 bytes
First seen: 2022-01-08 23:11:18 UTC
Last seen: 2022-01-09 00:47:32 UTC
File type: Executable exe
MIME type: application/x-dosexec
imphash: d0e6d8cc31f0d3346e66a38b8a035489 (3 x Cerber)
ssdeep: 12288:84GTI/cvffub6u4iRFJmVX5h4lij0m+t+OeO+OeNhBBhhBB/quZplAcyOdvo+nwk:84y+UXquZf7Zvo+nvAYVD3
Threatray: 1'219 similar samples on MalwareBazaar
TLSH: T186F49D32B7D3E173D99224F04D2DA75E2839F82A0B295BE7B3D41B2E4A701D24E3165D
Reporter: Arkbird_SOLG
Tags: Cerber Cerber2021 exe Ransomware

Intelligence


File Origin
# of uploads: 2
# of downloads: 1'144
Origin country: n/a

Vendor Threat Intelligence
Malware family: n/a
ID: 1
File name: eba0482a5b1232db451b1a745dd8e99defb9f1194b070e2f5c20eeb251296a86.bin
Verdict: Malicious activity
Analysis date: 2022-01-08 23:15:39 UTC
Tags: n/a

Note: ANY.RUN is an interactive sandbox that analyzes all user actions rather than an uploaded sample
Result
Verdict: Malware
Maliciousness:

Behaviour
Creating a file in the Windows subdirectories
Creating a file
DNS request
Changing a file
Creating synchronization primitives
Running batch commands
Creating a process with a hidden window
Sending a custom TCP request
Result
Malware family: n/a
Score: 8/10
Tags: n/a
Behaviour
MalwareBazaar
SystemUptime
MeasuringTime
EvasionQueryPerformanceCounter
EvasionGetTickCount
CheckCmdLine
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: cerber control.exe crypren filecoder greyware lockergoga ransomware shell32.dll
Result
Verdict: MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Result
Threat name: Unknown
Detection: malicious
Classification: evad
Score: 56 / 100
Signature
Deletes itself after installation
Found Tor onion address
Multi AV Scanner detection for submitted file
Behaviour
Behavior Graph: [graph image not reproduced] Behavior Graph ID: 549676; Sample: q4iQqZtEsa.bin; Start date: 09/01/2022; Architecture: WINDOWS; Score: 56
Graph signatures: Multi AV Scanner detection for submitted file; Found Tor onion address; Deletes itself after installation (on q4iQqZtEsa.exe)
Process tree: q4iQqZtEsa.exe started two cmd.exe instances and conhost.exe; the first cmd.exe started conhost.exe and choice.exe; the second cmd.exe started conhost.exe
Threat name: Win32.Ransomware.LockerGoga
Status: Malicious
First seen: 2021-12-05 06:40:06 UTC
File Type: PE (Exe)
Extracted files: 1
AV detection: 30 of 43 (69.77%)
Threat level: 5/5
Result
Malware family: n/a
Score: 10/10
Tags: ransomware spyware stealer
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Deletes itself
Reads user/profile data of web browsers
Unpacked files
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
