Ransomware-as-a-service, AKA Ransom32

Forum for analysis and discussion about malware.

Cody Johnston
Posts: 157
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA

Re: Ransomware-as-a-service, AKA Ransom32

Post by Cody Johnston » Mon Jan 04, 2016 7:06 pm

Not everyone here has access to download on VT; would you please attach the sample to your post?

Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Ransomware-as-a-service, AKA Ransom32

Post by Xylitol » Mon Jan 04, 2016 7:41 pm

Meet Ransom32: The first JavaScript ransomware: http://blog.emsisoft.com/2016/01/01/mee ... ansomware/
The Ransom32 Affiliate System: http://www.bleepingcomputer.com/news/se ... avascript/

p1nk
Posts: 43
Joined: Thu Oct 29, 2015 1:09 am

Re: Ransomware-as-a-service, AKA Ransom32

Post by p1nk » Tue Jan 05, 2016 12:21 am

Initial file [MD5: 5812a494c9c7c151afe93f70c6f96daf] is an archive with the following files:

Path = 5812a494c9c7c151afe93f70c6f96daf
Type = Rar
Solid = -
Blocks = 64
Multivolume = -
Volumes = 1

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-07-29 07:42:10 ....A      7482865      1636804  nw.pak
2015-12-01 16:16:04 ....A        57344        20084  s.exe
2015-12-01 14:04:58 ....A          466          263  u.vbs
2015-02-03 01:42:06 ....A           15           15  locales/am.pak
2015-02-03 01:42:06 ....A           15           15  locales/ar.pak
2015-02-03 01:42:06 ....A           15           15  locales/bg.pak
2015-02-03 01:42:06 ....A           15           15  locales/bn.pak
2015-02-03 01:42:06 ....A           15           15  locales/ca.pak
... Skipped, all MD5: 7c321056f805aabd5a503821fa1994cd
2015-02-03 01:42:06 ....A           15           15  locales/vi.pak
2015-02-03 01:42:06 ....A           15           15  locales/zh-CN.pak
2015-02-03 01:42:06 ....A           15           15  locales/zh-TW.pak
2015-11-27 18:09:22 ....A        32028        10858  chrome                            <- EULA GNU General Public License
2015-07-29 07:42:04 ....A       961536       377912  ffmpegsumo.dll
2015-07-29 07:42:06 ....A     10457856      3558129  icudtl.dat
2015-11-19 13:44:32 ....A          117           98  msgbox.vbs
2015-11-27 00:18:50 D....            0            0  locales
2015-12-18 22:36:20 ....A      4378638      1303095  rundll32.exe
2015-12-19 20:37:08 ....A     47393225     16282591  chrome.exe
2015-12-31 23:53:44 .....          201          179  g                                        <- Shown below
------------------- ----- ------------ ------------  ------------------------
                              70765071     23190808  63 files, 1 folders
g:
{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}
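
Added example, not part of p1nk's post and not code from the sample: a small triage script that turns the "g" config quoted above into fields for an incident report and checks the affiliate ID as a Base58Check address. It assumes "affid" is a Bitcoin address and "minshatoshis" is an amount in satoshis, neither of which the thread states; the function names are hypothetical.

```python
import hashlib
import json
from decimal import Decimal

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Contents of the "g" file exactly as quoted in the post above.
G_FILE = r'''{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}'''


def b58decode(text):
    """Decode Base58 to bytes; raises ValueError on characters outside the alphabet."""
    num = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            raise ValueError("not Base58: %r" % ch)
        num = num * 58 + idx
    body = num.to_bytes((num.bit_length() + 7) // 8, "big")
    # Each leading '1' encodes one leading zero byte.
    pad = len(text) - len(text.lstrip("1"))
    return b"\x00" * pad + body


def address_info(addr):
    """Return (version_byte, checksum_ok) for a Base58Check address."""
    raw = b58decode(addr)
    if len(raw) != 25:
        raise ValueError("unexpected decoded length %d" % len(raw))
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return raw[0], digest[:4] == raw[-4:]


def triage(config_text):
    """Extract report fields; assumes affid is a Bitcoin address, minshatoshis satoshis."""
    cfg = json.loads(config_text)
    version, checksum_ok = address_info(cfg["affid"])
    return {
        "affid": cfg["affid"],
        "affid_version": version,
        "affid_checksum_ok": checksum_ok,
        "min_btc": Decimal(cfg["minshatoshis"]) / Decimal(10 ** 8),
        "msgbox_message": cfg["msg"]["msgboxmessage"],
        "flags": {k: v for k, v in cfg.items() if isinstance(v, bool)},
    }


if __name__ == "__main__":
    for key, value in triage(G_FILE).items():
        print(key, "=", value)
```

A checksum result of False, or a ValueError from the decoder, means the config was altered or mistyped in transit and the address should not be recorded as an indicator without re-extracting it from the sample.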

Intimacygel
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm

Re: Ransomware-as-a-service, AKA Ransom32

Post by Intimacygel » Tue Jan 05, 2016 5:23 pm

Anyone have the onion link to the portal to create new samples?

Xylitol
Global Moderator
Posts: 1652
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society

Re: Ransomware-as-a-service, AKA Ransom32

Post by Xylitol » Wed Jan 06, 2016 12:30 pm

>> ransom32vgzgvkrz.onion
