Videos

Check out our video library of AppCheck defending against the newest ransomware, with automatic recovery and real-time backup.

Cerber Ransomware (_READ_THIS_FILE_<Random>_.hta / .txt)

  • Distribution Method : Mail attachment (.js)
 
  • MD5 : 4b9d37943da617c47367c7a14d568933
 
  • Major Detection Name : Trojan/Win32.Cerber.R199632 (AhnLab V3), Trojan-Ransom.Win32.Zerber.eagu (Kaspersky)
 
  • Encrypted File Pattern : <Random Filename>.<4 Digits Random Extension>
 
  • Malicious File Creation Location : C:\Users\%UserName%\AppData\Local\Temp\<Random>.exe
 
  • Payment Instruction File : _READ_THIS_FILE_<Random>_.hta / _READ_THIS_FILE_<Random>_.txt
 
  • Major Characteristics : Offline encryption. Encryption starts from offset 0x700 in target files. Encrypts user-created folders in the C drive root / Documents / Desktop / other partitions / USB drives. Creates the payment instruction file in 13 languages, including English.
