CryptoLocker (Trojan:Win32/Crilock.A)

Re: CryptoLocker (Trojan:Win32/Crilock.A)

Post by Cody Johnston » Thu Oct 17, 2013 6:32 pm

Cody Johnston
 
Posts: 157
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Reputation point: 69

Post by skgsergio » Fri Oct 18, 2013 1:33 pm

103.exe seems less detected yet, is it a new version?

On the other hand when u enter to a C&C via http (ex hxxp://gktibioivpqbot.net/) u get this msg:

Temporary notes:

You cannot restore files after time has expired! Setting the system clock back will not help you!

Uninstall action and expiry time controlled by server, your key pair destroyed after uninstall (time has expired)!
You can't control it!!!
After uninstall (if you try reinstall) you obtain a new key pair from server.

You can reinstall software only if time has not expired!


Personal message:

Dear guy, please resend your MP 307*********07, you have month. (We know your machine, we wait you...), this is merchant error, sorry.
Why you did not do this immediately after an error?

Uninstall temporary disabled.
Soon will be available the decryption service... Stay with us :)
skgsergio
 
Posts: 1
Joined: Fri Oct 18, 2013 8:50 am
Reputation point: 0

Post by Cody Johnston » Fri Oct 18, 2013 6:09 pm

skgsergio wrote: 103.exe seems less detected yet, is it a new version?

There is nothing new about the binary itself, just crypted the dropper differently.

Post by frame4-mdpro » Fri Oct 18, 2013 6:14 pm

Can someone pls post 103.exe, just missed it :(

TIA.
Anthony
frame4-mdpro
 
Posts: 39
Joined: Wed Jul 13, 2011 1:53 am
Reputation point: 20

Post by Cody Johnston » Fri Oct 18, 2013 6:23 pm

Here you go :)

SHA256: b3530b7519660996d28eb31a8d5b585ec60601843c77dd9f2b712812c99843e4
SHA1: 347b21e94912e99fb312153948d1f2758454e136
MD5: a8e0d4771c1f71709ddb63d9a75dc895
File name: 103.exe
Detection ratio: 32 / 48

https://www.virustotal.com/en/file/b353 ... /analysis/

Post by frame4-mdpro » Fri Oct 18, 2013 6:34 pm

MUCH appreciated :) !!

Post by Cody Johnston » Sat Oct 19, 2013 12:05 am

New Crypt from today attached:

SHA256: 136e8991816b958bb76aaf22fefd18194cf78a80e95d572754f95e1f86149a65
SHA1: ea64129f9634ce8a7c3f5e0dd8c2e70af46ae8a5
MD5: f1e2de2a9135138ef5b15093612dd813
Detection ratio: 12 / 47

https://www.virustotal.com/en/file/136e ... /analysis/

Post by servarevitas3 » Mon Oct 21, 2013 11:08 pm

Anyone have a current sample? The last one posted has all the DNS requests either not resolving or resolving to sinkholes. Is this thing dead?
servarevitas3
 
Posts: 1
Joined: Fri Oct 18, 2013 7:52 pm
Reputation point: 0

Post by emc74 » Tue Oct 22, 2013 6:48 am

Can a more recent file be posted so that I can download and attempt a recovery? Can I check that following the download I just execute the file?
emc74
 
Posts: 2
Joined: Sun Oct 20, 2013 9:53 am
Reputation point: 0

Post by emc74 » Tue Oct 22, 2013 10:58 pm

I have successfully used the downloaded file here and paid the money and it is working.