Cockblocker / CockLocker Ransomware

Forum for analysis and discussion about malware.

Cockblocker / CockLocker Ransomware

Postby 711PartTimeJob » Tue Nov 29, 2016 9:51 pm

A new ransomware in development has been found called "cockblocker" or sometimes "cocklocker". It encrypts files using RSA-2048 and renames them to a .hannah extension. Currently demands 1 BTC and displays a very ugly lock screen as seen here:
Image
You do not have the required permissions to view the files attached to this post.
711PartTimeJob
 
Posts: 6
Joined: Mon Feb 08, 2016 8:11 pm
Reputation point: 0

Re: Cockblocker / CockLocker Ransomware

Postby p1nk » Thu Dec 01, 2016 2:54 am

C2 server is: ws://collabvm.xyz:4444/rs

If you follow WHOIS data and bounce around a bit, you can find some links to https://github.com/cjhannah

GET /rs HTTP/1.1
User-Agent: websocket-sharp/1.0
Host: collabvm.xyz:4444
Upgrade: websocket
Connection: Upgrade
Sec-WebSocket-Key: TQAYVC2FuB/7rRtmYE3QAw==
Sec-WebSocket-Version: 13
User avatar
p1nk
 
Posts: 37
Joined: Thu Oct 29, 2015 1:09 am
Reputation point: 2

Re: Cockblocker / CockLocker Ransomware

Postby TETYYSs » Fri Dec 09, 2016 6:05 pm

User avatar
TETYYSs
 
Posts: 97
Joined: Fri Jun 28, 2013 6:51 pm
Reputation point: 20

Re: Cockblocker / CockLocker Ransomware

Postby huehuehuehue » Sun Mar 05, 2017 8:31 pm

This just was made for Danooct1's User Made Malware series
To decrypt files enter "not_a_backdoor"
huehuehuehue
 
Posts: 1
Joined: Sat Mar 04, 2017 11:42 pm
Reputation point: 0


Return to Malware

Who is online

Users browsing this forum: No registered users and 8 guests