Petya malware

Forum for analysis and discussion about malware.

Ransomware.Petya

Postby tomatto007 » Tue Jun 27, 2017 5:46 pm

You do not have the required permissions to view the files attached to this post.
tomatto007
 
Posts: 21
Joined: Fri Mar 19, 2010 8:16 pm
Reputation point: 2

Re: Petya malware

Postby Damian9303 » Wed Jun 28, 2017 2:50 pm

Is this the one that struck out yesterday that infected computers via Network?
Damian9303
 
Posts: 1
Joined: Tue Nov 17, 2015 11:57 pm
Reputation point: 0

Re: Petya malware

Postby maddog4012 » Wed Jun 28, 2017 7:20 pm

Damian9303 wrote:Is this the one that struck out yesterday that infected computers via Network?

yes it is :D
User avatar
maddog4012
 
Posts: 43
Joined: Mon Aug 04, 2014 6:53 pm
Reputation point: 35

Re: Petya malware

Postby Peior Crustulum » Wed Jun 28, 2017 11:11 pm

maddog4012 wrote:
Damian9303 wrote:Is this the one that struck out yesterday that infected computers via Network?

yes it is :D


At the risk of sounding like a complete idiot, I was unable to execute the sample.
Am I missing something?
Peior Crustulum
 
Posts: 1
Joined: Wed Jun 28, 2017 11:02 am
Reputation point: 0

Re: Petya malware

Postby waffles2.0 » Thu Jun 29, 2017 11:45 am

The sample provided by the original comment is an older sample, the new one doesn't have the skull and crossbones. Attached is the sample that struck out hitting lots of companies over the past few days.

Use the command line to execute:
Code: Select all
rundll32.exe 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll, #1


You should also know that it schedules a shutdown /sleeps for about an hour after infection so you have to wait a while but once you boot up after shutdown it should take you to a screen like this:
Image
then shortly after this:
Image
You do not have the required permissions to view the files attached to this post.
waffles2.0
 
Posts: 22
Joined: Mon Aug 01, 2016 9:49 am
Reputation point: 7

Peya / NotPeya / WannaCry sample

Postby ausl » Fri Aug 11, 2017 12:07 am

Peya:e8fb95ebb7e0db4c68a32947a74b5ff9
NotPeya:71b6a493388e7d0b40c83ce903bc6b04
WanaCry:db349b97c37d22f5ea1d1841e3c89eb4

Contribute to all those who share the malware samples so generously before!
You do not have the required permissions to view the files attached to this post.
ausl
 
Posts: 1
Joined: Thu Aug 10, 2017 12:40 pm
Reputation point: 3

Re: Petya malware

Postby Xylitol » Fri Aug 11, 2017 10:01 am

Ukrainian man Sergey Neverov arrested for spreading Petya ~ https://cyberpolice.gov.ua/news/kiberpo ... tyaa-6185/
User avatar
Xylitol
Global Moderator
 
Posts: 1629
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 485

Previous

Return to Malware

Who is online

Users browsing this forum: No registered users and 5 guests