CryptoLocker (Trojan:Win32/Crilock.A)

Forum for analysis and discussion about malware.

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Intimacygel » Tue Apr 08, 2014 4:46 pm

Okay, I got one that is currently working. Just got off the box a couple of hours ago.

Looks like the first drop was April 4th, but the active CryptoLocker process C:\Users\Office\AppData\Local\Fwuisgmpixozj.exe 91126BEDF521E6527C46EB1EAF03475A is only a few hours old in VT.
Intimacygel
 
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm
Reputation point: 4

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by dhagar » Thu May 01, 2014 3:07 pm

Any new samples since the last post on April 8th, 2014?
dhagar
 
Posts: 1
Joined: Thu May 01, 2014 2:48 pm
Reputation point: 0

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Kimberly » Mon May 05, 2014 12:40 am

Sample from a UPS Spam (May 1st 2014) - Downloaded by ZeuS GameOver
Kimberly
 
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm
Reputation point: 0

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Intimacygel » Tue May 13, 2014 1:51 pm

Anyone know of a way of modifying a previous sample to encrypt indefinitely even if all servers are down? It would be useful for presentations or just general education as most samples are no longer working after a few days.

Much Appreciated
Intimacygel
 
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm
Reputation point: 4

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Xylitol » Thu Jun 05, 2014 7:08 am

You do not have the required permissions to view the files attached to this post.
Xylitol
Global Moderator
 
Posts: 1649
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 505

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by TwinHeadedEagle » Thu Aug 07, 2014 8:22 am

Unlocking Cryptolocker - free service launched

https://www.decryptcryptolocker.com/

More info here --> http://www.fireeye.com/blog/corporate/2 ... ption.html
TwinHeadedEagle
 
Posts: 72
Joined: Mon Aug 27, 2012 6:59 am
Reputation point: 5

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Sargerras » Thu Aug 07, 2014 8:29 am

Not working with the latest CryptoLocker-encrypted files, as the page does not recognize them as having been encrypted by CryptoLocker.
Sargerras
 
Posts: 9
Joined: Mon May 13, 2013 12:23 pm
Reputation point: 3

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Kimberly » Sun Aug 10, 2014 1:15 pm

Can you attach a sample file containing non-sensitive data?

Thanks,
Kim
Kimberly
 
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm
Reputation point: 0

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Sargerras » Mon Aug 11, 2014 11:01 am

Sure, here is a sample of the encrypted file.
My thought is that FireEye and Fox-IT got the database from their C&C server, and the keys are not working for new versions.
Sargerras
 
Posts: 9
Joined: Mon May 13, 2013 12:23 pm
Reputation point: 3
