App Review Cerber Ransomware update to 4.1.1 version!Demonstration of attack video review.

[GrujaRS]

Cerber version 4.1.1!

 

[Dirk41]

Probably it is not the first time , but I notice only now that UAC says that the verified publisher is MS

Thank you for sharing

 

[adnage19]

Probably it is not the first time , but I notice only now that UAC says that the verified publisher is MS

Thank you for sharing

UAC says that about CMD It's an original commandline app used by the ransomware.

 

[Dirk41]

Anyway it can confuse inexperienced users

 

[adnage19]

Anyway it can confuse inexperienced users

Well, how it should work then? It does its job.

 

[Dirk41]

The smartscreen shows cerber.exe . Is that a name set by the reviewer or it is shipped really with its real name ?

 

[adnage19]

The smartscreen shows cerber.exe . Is that a name set by the reviewer or it is shipped really with its real name ?

It's just a name of this executed file

 

[Dirk41]

It's just a name of this executed file

Smartscreen would have blocked it even with another name ?

 

[adnage19]

Smartscreen would have blocked it even with another name ?

Yes, file name has nothing to do with that. This file is uknown and suspicious for the SmartScreen so it blocked that. But SmartScreen doesn't look at the name or something.

 

[DardiM]

Thanks for the video review

Antivirus scan for a31eb55003834823679085184dbdc0946ffd0037567bd2c088d16e6e95b0d913 at 2016-11-04 06:38:25 UTC - VirusTotal

A remark :
At UAC prompt, "yes" was clicked => to show the behavior of the sample.

 

[Dirk41]

Thanks for the video review

Antivirus scan for a31eb55003834823679085184dbdc0946ffd0037567bd2c088d16e6e95b0d913 at 2016-11-04 06:38:25 UTC - VirusTotal

A remark :
At UAC prompt, "yes" was clicked => to show the behavior of the sample.

Don't you think it would be useful to click no sometimes to see if there are UAC exploit?

 

[DardiM]

Don't you think it would be useful to click no sometimes to see if there are UAC exploit?

Yes, but I think the purpose of this current video is only to show us the malware in action

 

[ForgottenSeer 55474]

Thanks for the video.it was very informative

 

[Dirk41]

Yes, but I think the purpose of this current video is only to show us the malware in action

Ok but we can all imagine it will encrypt everything . Thank you for the videos of course I appreciate

 

[DardiM]

Ok but we can all imagine it will encrypt everything . Thank you for the videos of course I appreciate

CyberSecurity GrujaRS likes to show us all the process, from begin, to end

It shows the file encryptions, extension, ransowning part, etc