Demo Analysis for Cerber Ransomware

Posted

A couple of weeks ago, I made a demonstration analysis for a variant of Cerber ransomware and documented it.

The following is the table of contents for the document.

Symptoms of compromise
    Ransom notes
    Encrypted files
    Temporary files
Runtime behavior
    Creates mutex
    Weakens system security
    Self elevates to perform administrative tasks
    Searches for files to encrypt
    Encrypts the files
    Displays the ransom note
    Deletes itself
    Window flashes up
Configuration
Final Notes

Author