CryptoLocker (Trojan:Win32/Crilock.A)

Forum for analysis and discussion about malware.
Intimacygel
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Intimacygel » Tue Apr 08, 2014 4:46 pm

Okay, I got one that is currently working. Just got it off the box a couple of hours ago.

Looks like the first drop was April 4th, but the active CryptoLocker process C:\Users\Office\AppData\Local\Fwuisgmpixozj.exe 91126BEDF521E6527C46EB1EAF03475A is only a few hours old in VT.

dhagar
Posts: 1
Joined: Thu May 01, 2014 2:48 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by dhagar » Thu May 01, 2014 3:07 pm

Any new samples since the last post on April 8th, 2014?

Kimberly
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Kimberly » Mon May 05, 2014 12:40 am

Sample from a UPS Spam (May 1st 2014) - Downloaded by ZeuS GameOver

Intimacygel
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Intimacygel » Tue May 13, 2014 1:51 pm

Anyone know of a way of modifying a previous sample to encrypt indefinitely even if all servers are down? It would be useful for presentations or just general education as most samples are no longer working after a few days.

Much Appreciated

Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Xylitol » Thu Jun 05, 2014 7:08 am

You do not have the required permissions to view the files attached to this post.

TwinHeadedEagle
Posts: 72
Joined: Mon Aug 27, 2012 6:59 am

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by TwinHeadedEagle » Thu Aug 07, 2014 8:22 am

Unlocking Cryptolocker - free service launched

https://www.decryptcryptolocker.com/

More info here --> http://www.fireeye.com/blog/corporate/2 ... ption.html

Sargerras
Posts: 9
Joined: Mon May 13, 2013 12:23 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Sargerras » Thu Aug 07, 2014 8:29 am

Not working with the latest CryptoLocker-encrypted files, as the page does not recognize them as having been encrypted by CryptoLocker.

Kimberly
Posts: 14
Joined: Sun Dec 01, 2013 12:49 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Kimberly » Sun Aug 10, 2014 1:15 pm

Can you attach a sample file containing non-sensitive data?

Thanks,
Kim

Sargerras
Posts: 9
Joined: Mon May 13, 2013 12:23 pm

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Sargerras » Mon Aug 11, 2014 11:01 am

Sure, here is a sample of the encrypted file.
My thought is that FireEye and Fox-IT got the database from their C&C server, and the keys are not working for new versions.
