- First seen: March 2016
- Aliases:
- Samples:
- 7dffcb4c4a460100d4c49e173fbf70eba4a7306747dc2d6570f4371b978fa87b | windows | ransom | pe
| Property | Value |
|---|---|
| Size | 133376 bytes |
| CRC32 | 0xec7ea144 |
| MD5 | 29cd77b9ce1e3ddab675336e4f8f6aef |
| SHA1 | b29fb3de99413bb36f5f21c955bb7e6d18330d60 |
| SHA256 | 7dffcb4c4a460100d4c49e173fbf70eba4a7306747dc2d6570f4371b978fa87b |
| SHA512 | f5ac44f8d51df10e782dadc552f02e4ffc2fb310bf7304f00b9582fc90cf7aaa7e3d35b5c1d5d94f0af6def149708f4566477aea1e0093163262d22ada0df2f6 |
| Ssdeep | 3072:EM60v/zWXztD+Qh/VheZwe5rkhNyyF/IQQAhBwGDvPyQq14Ru:t60TWX5Dt1WZ3p7AhQAXyq8 |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: compiler: Microsoft Visual C/C++(2010 SP1)[-] PE: linker: Microsoft Linker(10.0)[EXE32] |
| TrID | 29.6% (.DLL) Win32 Dynamic Link Library (generic) (6578/25/2) 22.7% (.EXE) Win16 NE executable (generic) (5038/12/1) 20.3% (.EXE) Win32 Executable (generic) (4505/5/1) 9.1% (.EXE) OS/2 Executable (generic) (2029/13) 9.0% (.EXE) Generic Win/DOS Executable (2002/3) |
- Avast: Win32:Evo-gen [Trj]
- Avira: HEUR/AGEN.1021098
- Bitdefender: Trojan.Ransom.Cerber.1
- Clamav: Win.Ransomware.Cerber-7782997-0
+ Comodo: clean
- Drweb: Trojan.Encoder.4691
- Eset: Win32/Filecoder.Cerber.B
- Fsecure: Heuristic.HEUR/AGEN.1320889
- Kaspersky: HEUR:Trojan.Win32.Generic
+ Mcafee: clean
- Sophos: Mal/Cerber-C
- Symantec: Ransom.Cerber
- Trendmicro: Ransom_CERBER.SMSE
- Windefender: Ransom:Win32/Avaddon.P!MSR- https://www.trendmicro.com/en_us/research/17/e/cerber-ransomware-evolution.html
- https://blog.cyble.com/2022/06/17/cerber2021-ransomware-back-in-action/
- https://rinseandrepeatanalysis.blogspot.com/2018/08/reversing-cerber-raas.html
- https://www.virusbulletin.com/virusbulletin/2017/12/vb2017-paper-nine-circles-cerber/
- https://www.trendmicro.com/en_us/research/17/c/cerber-starts-evading-machine-learning.html
- https://www.malwarebytes.com/blog/news/2016/03/cerber-ransomware-new-but-mature