Ransomware-as-a-service, AKA Ransom32


Postby maddog4012 » Mon Jan 04, 2016 7:00 pm

maddog4012
 
Posts: 48
Joined: Mon Aug 04, 2014 6:53 pm
Reputation point: 41

Re: Ransomware-as-a-service, AKA Ransom32

Postby Cody Johnston » Mon Jan 04, 2016 7:06 pm

Not everyone here has access to download on VT, would you please attach the sample to your post?
Cody Johnston
 
Posts: 157
Joined: Sun May 01, 2011 4:33 pm
Location: Los Angeles, CA
Reputation point: 69

Re: Ransomware-as-a-service, AKA Ransom32

Postby Xylitol » Mon Jan 04, 2016 7:41 pm


Meet Ransom32: The first JavaScript ransomware: http://blog.emsisoft.com/2016/01/01/mee ... ansomware/
The Ransom32 Affiliate System: http://www.bleepingcomputer.com/news/se ... avascript/
Xylitol
Global Moderator
 
Posts: 1635
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 494

Re: Ransomware-as-a-service, AKA Ransom32

Postby p1nk » Tue Jan 05, 2016 12:21 am

Initial file [MD5: 5812a494c9c7c151afe93f70c6f96daf] is an archive with the following files:

Path = 5812a494c9c7c151afe93f70c6f96daf
Type = Rar
Solid = -
Blocks = 64
Multivolume = -
Volumes = 1

   Date      Time    Attr         Size   Compressed  Name
------------------- ----- ------------ ------------  ------------------------
2015-07-29 07:42:10 ....A      7482865      1636804  nw.pak
2015-12-01 16:16:04 ....A        57344        20084  s.exe
2015-12-01 14:04:58 ....A          466          263  u.vbs
2015-02-03 01:42:06 ....A           15           15  locales/am.pak
2015-02-03 01:42:06 ....A           15           15  locales/ar.pak
2015-02-03 01:42:06 ....A           15           15  locales/bg.pak
2015-02-03 01:42:06 ....A           15           15  locales/bn.pak
2015-02-03 01:42:06 ....A           15           15  locales/ca.pak
... Skipped, all MD5: 7c321056f805aabd5a503821fa1994cd
2015-02-03 01:42:06 ....A           15           15  locales/vi.pak
2015-02-03 01:42:06 ....A           15           15  locales/zh-CN.pak
2015-02-03 01:42:06 ....A           15           15  locales/zh-TW.pak
2015-11-27 18:09:22 ....A        32028        10858  chrome                            <- EULA GNU General Public License
2015-07-29 07:42:04 ....A       961536       377912  ffmpegsumo.dll
2015-07-29 07:42:06 ....A     10457856      3558129  icudtl.dat
2015-11-19 13:44:32 ....A          117           98  msgbox.vbs
2015-11-27 00:18:50 D....            0            0  locales
2015-12-18 22:36:20 ....A      4378638      1303095  rundll32.exe
2015-12-19 20:37:08 ....A     47393225     16282591  chrome.exe
2015-12-31 23:53:44 .....          201          179  g                                        <- Shown below
------------------- ----- ------------ ------------  ------------------------
                              70765071     23190808  63 files, 1 folders

g:
{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}
p1nk
 
Posts: 39
Joined: Thu Oct 29, 2015 1:09 am
Reputation point: 2
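
Added example, not part of p1nk's post or of the sample: a small Python triage script for the `g` file shown above, pulling out the values an analyst would record. It assumes `affid` is a Bitcoin P2PKH address and `minshatoshis` an amount in satoshis; the function names `base58check_ok` and `triage` are made up for this sketch.

```python
import hashlib
import json

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

# Contents of the `g` file exactly as posted above.
G_FILE = r'''{"affid":"1EnWWsdyrMiXPTU87bWtvW6zPL6ZczD61v","minshatoshis":10000000,"msg":{"msgboxtype":"16","msgboxmessage":"ERROR: main_gui_render.cc(237) Running without Renderer"},"lowcpu":true,"showBlock":true}'''


def base58check_ok(addr):
    """True if addr decodes to 25 bytes with version 0x00 and a valid checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' encodes a 0x00 byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25 or raw[0] != 0:
        return False
    # Checksum = first 4 bytes of SHA-256(SHA-256(version + 20-byte hash)).
    digest = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()
    return digest[:4] == raw[21:]


def triage(text):
    """Summarise a `g` config; the field meanings are assumptions, see lead-in."""
    cfg = json.loads(text)
    msg = cfg.get("msg") or {}
    return {
        "affid": cfg.get("affid"),
        "affid_is_p2pkh": base58check_ok(str(cfg.get("affid", ""))),
        "min_btc": cfg.get("minshatoshis", 0) / 100_000_000,  # satoshis to BTC
        # 16 is the "critical" icon value of the VBScript MsgBox function; that
        # msgbox.vbs consumes this field is an assumption, not stated in the post.
        "msgbox_type": int(msg.get("msgboxtype", 0)),
        "decoy_message": msg.get("msgboxmessage"),
        "flags": sorted(k for k, v in cfg.items() if v is True),
    }


if __name__ == "__main__":
    for key, value in triage(G_FILE).items():
        print(f"{key:15} {value}")
```
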

Re: Ransomware-as-a-service, AKA Ransom32

Postby Intimacygel » Tue Jan 05, 2016 5:23 pm

Anyone have the onion link to the portal to create new samples?
Intimacygel
 
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm
Reputation point: 4

Re: Ransomware-as-a-service, AKA Ransom32

Postby Xylitol » Wed Jan 06, 2016 12:30 pm

>> ransom32vgzgvkrz.onion
Xylitol
Global Moderator
 
Posts: 1635
Joined: Sat Apr 10, 2010 5:54 pm
Location: Seireitei, Soul Society
Reputation point: 494

