Zippy ransomware

Forum for analysis and discussion about malware.

Post by maddog4012 » Mon Apr 18, 2016 4:35 pm

Came across this over the weekend. The JavaScript came as an attachment with the following e-mail message:

You have to appear in the Court on the April 22.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

You can find the Court Notice is in the attachment.

Regards,
Brad Brock,
Court Secretary.


When executed it downloads a random file with a .png.exe ext.
maddog4012
 
Posts: 50
Joined: Mon Aug 04, 2014 6:53 pm
Reputation point: 44

Re: Zippy ransomware

Post by Antelox » Wed Apr 20, 2016 2:40 pm

Antelox
 
Posts: 123
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 97

Re: Zippy ransomware

Post by parviz » Mon Apr 25, 2016 5:39 am

maddog4012 wrote: Came across this over the weekend. The JavaScript came as an attachment with the following e-mail message:

You have to appear in the Court on the April 22.
You are kindly asked to prepare and bring the documents relating to the case to Court on the specified date.
Note: The case may be heard by the judge in your absence if you do not come.

You can find the Court Notice is in the attachment.

Regards,
Brad Brock,
Court Secretary.


When executed it downloads a random file with a .png.exe ext.

can't find password
parviz
 
Posts: 2
Joined: Sun Mar 17, 2013 6:18 am
Reputation point: 0

Re: Zippy ransomware

Post by TETYYSs » Mon Apr 25, 2016 11:47 am

parviz wrote: can't find password

protip: it's on the current page you're viewing
TETYYSs
 
Posts: 98
Joined: Fri Jun 28, 2013 6:51 pm
Reputation point: 20

Re: Zippy ransomware

Post by Antelox » Fri Apr 29, 2016 1:06 pm

New Nemucod Variant. 7-zip is not used anymore.

https://glot.io/snippets/ee7hiif87k

BR,

Antelox
Antelox
 
Posts: 123
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 97

Re: Zippy ransomware

Post by Intimacygel » Fri Apr 29, 2016 3:28 pm

Antelox wrote: New Nemucod Variant. 7-zip is not used anymore.

https://glot.io/snippets/ee7hiif87k

BR,

Antelox


Where do we download those variants from your link?
Intimacygel
 
Posts: 24
Joined: Wed Jun 05, 2013 3:16 pm
Reputation point: 4

Re: Zippy ransomware

Post by Antelox » Sun May 01, 2016 8:40 pm

In attachment the archive which contains the original email's attachment.

I wrote simple Python scripts to extract the key and recover the files infected by this last Nemucod variant:

https://github.com/Antelox/NemucodFR

BR,

Antelox
Antelox
 
Posts: 123
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 97

Re: Zippy ransomware

Post by Antelox » Sun May 22, 2016 1:31 pm

NemucodFR v. 0.2 is out. Now it handles 2 Nemucod variants.

https://github.com/Antelox/NemucodFR

BR,

Antelox
Antelox
 
Posts: 123
Joined: Sun Mar 21, 2010 10:38 pm
Reputation point: 97

