Locky ransomware

Forum for analysis and discussion about malware.
xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Tue Nov 08, 2016 1:02 am

New parameter. 'makefile'
@xorsthings

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Tue Nov 08, 2016 1:32 am

One more, 'woody' as parameter

@xorsthings

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 1:53 am

0001 as parameter
@xorsthings

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 2:06 am

Using 'boobs' as parameter
@xorsthings

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Wed Nov 09, 2016 6:58 pm

Using 'testtest' as parameter.
@xorsthings

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Fri Nov 11, 2016 2:38 pm

Recent Locky, with 'app' as parameter.
@xorsthings

Kick10
Posts: 16
Joined: Mon Mar 22, 2010 11:02 am
Location: Ukraine

Re: Locky ransomware

Post by Kick10 » Fri Nov 11, 2016 9:33 pm

Droppers that require a numeric key for the parameter are no longer used?

xors
Posts: 138
Joined: Mon May 23, 2016 2:01 am

Re: Locky ransomware

Post by xors » Sat Nov 12, 2016 1:00 am

Used 'nipples' as parameter.
@xorsthings

yaniva
Posts: 6
Joined: Thu Jan 07, 2016 12:30 pm

Re: Locky ransomware

Post by yaniva » Wed Nov 16, 2016 8:03 am

Can I run it with this command:
rundll32.exe 'DllName' 'ParameterName'
?

Bogdan-Mihai
Posts: 16
Joined: Thu Mar 24, 2016 9:37 am

Re: Locky ransomware

Post by Bogdan-Mihai » Fri Nov 25, 2016 10:21 am

There's a new one in the wild.
I think this is it: https://www.virustotal.com/en/file/4b9a ... 479986832/
Some send it as an .hta file; in Facebook Messenger it looks like a picture. People think it is an image, so they double-click it.
