KernelMode.info

by **tomatto007** » Tue Jun 27, 2017 5:46 pm

https://virustotal.com/ru/file/027cc450 ... /analysis/
https://virustotal.com/ru/file/e5c643f1 ... /analysis/

by **Damian9303** » Wed Jun 28, 2017 2:50 pm

Is this the one that struck out yesterday that infected computers via Network?

by **maddog4012** » Wed Jun 28, 2017 7:20 pm

Damian9303 wrote:Is this the one that struck out yesterday that infected computers via Network?

yes it is

by **Peior Crustulum** » Wed Jun 28, 2017 11:11 pm

maddog4012 wrote:
Damian9303 wrote:Is this the one that struck out yesterday that infected computers via Network?

yes it is

At the risk of sounding like a complete idiot, I was unable to execute the sample.
Am I missing something?

by **waffles2.0** » Thu Jun 29, 2017 11:45 am

The sample provided by the original comment is an older sample, the new one doesn't have the skull and crossbones. Attached is the sample that struck out hitting lots of companies over the past few days.

Use the command line to execute:

Code: Select all: rundll32.exe 027cc450ef5f8c5f653329641ec1fed91f694e0d229928963b30f6b0d7d3a745_98STJd8lju.dll, #1

You should also know that it schedules a shutdown /sleeps for about an hour after infection so you have to wait a while but once you boot up after shutdown it should take you to a screen like this:

then shortly after this:

KernelMode.info

Petya malware

Ransomware.Petya

Re: Petya malware

Re: Petya malware

Re: Petya malware

Re: Petya malware

Who is online