Cerber Ransomware - IOC



1) Ransomware Name - Cerber

2) Encrypted Extensions -
.cerber
.cerber2
.cerber3

3) Ransom Note File -
# DECRYPT MY FILES #.html
# DECRYPT MY FILES #.txt
# DECRYPT MY FILES #.vbs
# README.hta
_{RAND}_README.jpg
_{RAND}_README.hta
_HELP_DECRYPT_[A-Z0-9]{4-8}_.jpg
_HELP_DECRYPT_[A-Z0-9]{4-8}_.hta
_HELP_HELP_HELP_%random%.jpg
_HELP_HELP_HELP_%random%.hta
_HOW_TO_DECRYPT_[A-Z0-9]{4-8}_.jpg
_HOW_TO_DECRYPT_[A-Z0-9]{4-8}_.hta

4) Encryption Algorithm - AES

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise -
GU18zL2P7Y5bq8EPFBSo2tnvCd9ZEBi3E
paket.pw
coincafe.com
104.27.154.158:80 (USA)


8) File Details -
MD5 7d181574893ec9cb2795166623f8e531
SHA1 79440d8b1e4b8fa222f1be78435f43f86796f6dc
SHA256 a098c20dd46c6afa031bb653cd6d6eede4260a5a6244cf8c1dffcb4d8565b404
ssdeep 12288:fN4XnlsewZadw/WDImKa9X8Lnpy6UG5MZXHEZ6Utif+M4lYklAo:V41NwZadw/WQWyyCMlE8SifgJ
authentihash ffc39959aa60fa70d82e5ad981476fe04851ac3ed29f7abeef6dcc7ea1e8753b
imphash e160ef8e55bb9d162da4e266afd9eef3
File size 463.3 KB (474,400 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
