A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #22652  by Intimacygel
 Tue Apr 08, 2014 4:46 pm
Okay, I got one that is currently working. Just got off the box a couple of hours ago.

Looks like the first drop was April 4th, but the active CryptoLocker process C:\Users\Office\AppData\Local\Fwuisgmpixozj.exe 91126BEDF521E6527C46EB1EAF03475A is only a few hours old in VT.
Attachments
pw = infected
(616.52 KiB) Downloaded 193 times
 #22861  by Intimacygel
 Tue May 13, 2014 1:51 pm
Anyone know of a way of modifying a previous sample to encrypt indefinitely even if all servers are down? It would be useful for presentations or just general education as most samples are no longer working after a few days.

Much Appreciated
 #23577  by Sargerras
 Mon Aug 11, 2014 11:01 am
Sure, here is a sample of the encrypted file.
My thoughts are that FireEye and Fox-IT get the database from their C&C server. And the keys are not working for new versions.
Attachments
pass: encrypted
(2.35 KiB) Downloaded 87 times