Kriptovor (Russian Ransomware and Infostealer)


Post by Fedor22 » Sun Jan 21, 2018 2:45 pm

Encrypts data using AES encryption, and then requires emailing the extortionists to find out the cost of the decryptor. Data is encrypted on all local and connected network drives. After encryption, shadow copies of files are deleted. Initially, Kriptovor was a password stealer, but later received additional extortionary functionality. Distributed through email attachments, which can be called something like: "Резюме на вакантную должность", which translates to: "Resume for the vacant post". The addresses of the senders are constantly changing. The previously collected list includes:
MD5 hashes of Word documents, infostealers, RAR archives and ransomware are here (plus more information about this): https://www.fireeye.com/blog/threat-res ... ptovo.html

Re: Kriptovor (Russian Ransomware and Infostealer)

Post by Xylitol » Mon Jan 22, 2018 8:51 am

In attachment

Re: Kriptovor (Russian Ransomware and Infostealer)

Post by Antelox » Mon Jan 22, 2018 9:07 am

Some more:

https://anonfile.com/BcYc0cd3b5/samples.zip (too big to upload here as attachment)

BR,

Antelox