2017-04-06 - "BLANK SLATE" MALSPAM STILL PUSHING CERBER, STILL USING FAKE CHROME PAGE

ASSOCIATED FILES:

 

BACKGROUND:

OTHER NOTES:

 

FAKE CHROME PAGE


Shown above:  Screen shot from the fake Microsoft email.

 


Shown above:  Letting the fake Chrome page send a fake Chrome update as a zip archive.

 


Shown above:  Zip archive sent by the fake Chrome page contains (Cerber) ransomware.

 

TRAFFIC

HTTP TRAFFIC FOR THE RANSOMWARE FOR THE PAST FEW DAYS:

RANSOMWARE DOWNLOAD FROM FAKE CHROME INSTALL PAGE ON THURSDAY 2017-04-06:

 

MALWARE

SHA256 HASHES FOR RANSOMWARE SAMPLES:

 

IMAGES


Shown above:  Desktop of an infected Windows host.  Note the dollar signs used for the letter S.

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
