CryptXXX Ransomware

Forum for analysis and discussion about malware.

new ransomware

Post by patriq » Mon Apr 18, 2016 6:09 pm

64bit loader .dll (detection ratio 5/56)
https://virustotal.com/en/file/9ca837ca ... /analysis/

Looks like some hybrid CryptoWall/TeslaCrypt, based only on ransom notes and payment C&C. Don't have a 64-bit VM set up at the moment.

de_crypt.jpeg




Attached.

CryptXXX Ransomware

Post by Kafeine » Mon Apr 18, 2016 10:26 pm

Reveton guys are back in the Ransomware business.

https://www.proofpoint.com/us/threat-insight/post/cryptxxx-new-ransomware-actors-behind-reveton-dropping-angler

Attached is the zip with all the data mentioned in the post.

Re: CryptXXX Ransomware

Post by Kafeine » Tue Apr 19, 2016 9:55 am

FWIW, this:

https://www.virustotal.com/file/51f939e ... 460955077/

Appears to be the associated DecryptionTools

Re: CryptXXX Ransomware

Post by Antelox » Sat May 14, 2016 6:57 am

Now both CryptXXX 1.0 and CryptXXX 2.0 can be decrypted by RannohDecryptor!

RannohDecryptor

BR,

Antelox

Re: CryptXXX Ransomware

Post by g00dv1n » Thu Jul 14, 2016 3:20 pm

New sample

Re: CryptXXX Ransomware

Post by xors » Thu Jul 14, 2016 10:03 pm

g00dv1n wrote: New sample


In the attachment
@xorsthings

Re: CryptXXX Ransomware

Post by g00dv1n » Fri Jul 15, 2016 7:14 am

xors wrote:
g00dv1n wrote: New sample

In the attachment

Could you describe your strategy for unpacking it?

I looked at the sample in Olly but I found only trash jumps and ReleaseMutex functions.

Thanks.