2017-04-20 - "BLANK SLATE" MALSPAM STILL PUSHING CERBER

ASSOCIATED FILES:

BACKGROUND:

OTHER NOTES:


Shown above:  Flow chart for these emails.

Shown above:  Didn't see any malspam for them, even if those fake Google Chrome pages are still active.

EMAILS


Shown above:  Data from the spreadsheet tracker (image 1 of 3).

Shown above:  Data from the spreadsheet tracker (image 2 of 3).

Shown above:  Data from the spreadsheet tracker (image 3 of 3).

(READ: Date/Time   --   Sending mail server   --   Sending address (spoofed)   --   Subject   --   Attachment)


TRAFFIC


Shown above:  Traffic from the infection filtered in Wireshark.

URLS GENERATED BY THE EXTRACTED .JS FILES:

CERBER POST-INFECTION TRAFFIC:

SHA256 HASHES

EMAIL ATTACHMENTS:

EXTRACTED .JS FILES:

CERBER RANSOMWARE:

IMAGES


Shown above:  Desktop of an infected Windows host.

Shown above:  The ransom price when I checked was 1 Bitcoin.

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.