Locky ransomware

Forum for analysis and discussion about malware.

Re: Locky ransomware

Post by xors » Tue Nov 08, 2016 1:02 am

New parameter. 'makefile'
@xorsthings
xors
 
Posts: 132
Joined: Mon May 23, 2016 2:01 am
Location: Greece
Reputation point: 63

Re: Locky ransomware

Post by xors » Tue Nov 08, 2016 1:32 am

One more, 'woody' as parameter

@xorsthings

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 1:53 am

0001 as parameter
@xorsthings

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 2:06 am

Using 'boobs' as parameter
@xorsthings

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 6:58 pm

Using 'testtest' as parameter.
@xorsthings

Re: Locky ransomware

Post by xors » Fri Nov 11, 2016 2:38 pm

Recent Locky, with 'app' as parameter.
@xorsthings

Re: Locky ransomware

Post by Kick10 » Fri Nov 11, 2016 9:33 pm

Droppers that require a numeric key for the parameter are no longer used?
Kick10
 
Posts: 16
Joined: Mon Mar 22, 2010 11:02 am
Location: Ukraine
Reputation point: 0

Re: Locky ransomware

Post by xors » Sat Nov 12, 2016 1:00 am

Used 'nipples' as parameter.
@xorsthings

Re: Locky ransomware

Post by yaniva » Wed Nov 16, 2016 8:03 am

Can I run it with this command:
rundll32.exe 'DllName' 'ParameterName'
?
yaniva
 
Posts: 6
Joined: Thu Jan 07, 2016 12:30 pm
Reputation point: 0

Re: Locky ransomware

Post by Bogdan-Mihai » Fri Nov 25, 2016 10:21 am

There's a new one in the wild.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as an .hta file; in Facebook Messenger it looks like a picture. People think it is an image, so they double-click it.
Bogdan-Mihai
 
Posts: 16
Joined: Thu Mar 24, 2016 9:37 am
Reputation point: 4
