CerberRansomware

Cerber Ransomware - The largest RaaS (Ransomware-as-a-Service) platform of 2016-2017. It encrypts files and appends the .cerber extension, exposes its payment panel through 4 Tor2Web proxies, disables Windows audit logging with auditpol.exe, and drops VBScript and HTML ransom notes. RSA+RC4 encryption.

Threat Profile
Type: Ransomware
Programming Language: C
C2 Protocol: HTTP/Tor
First Seen: 2016
Targets: Global
Purpose / Capabilities
  • Ransomware (RaaS)

C2 Servers (1)

Address | Port | Protocol | Status
cerberhhyed5frqa.onion | 80 | HTTP | INACTIVE
Cerber Ransomware Tor C2 payment panel - 4 Tor2Web proxies

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

CerberRansomware 4a2ad49c -- cerberhhyed5frqa-onion 4xTor2Web cevacont1234-gmail dot-cerber-extension auditpol-audit-disable VirtualAllocEx wallet-dat ipinfo-io 45ED-FB92 RaaS | Critical

CerberRansomware 4a2ad49c PE32 x86 1.88MB RaaS. .cerber extension. 4 Tor2Web C2 proxies (cerberhhyed5frqa.onion). Audit logging disabled via auditpol.exe. VirtualAllocEx injection. wallet.dat. ipinfo.io.
