[thisisu]

This one is Reveton too I think.
MD5: 03603beabe95a20af2f0abea40678ab5
https://www.virustotal.com/file/eb4e91b ... /analysis/

[thisisu]

Reveton
MD5: 538ffc4f14dbeb8e817003d69ec50dac
https://www.virustotal.com/file/dfca87f ... /analysis/

[rkhunter]

via FBI PressOffice https://twitter.com/FBIPressOffice/stat ... 7456833536 http://www.ic3.gov/media/2012/120530.aspx
CITADEL MALWARE DELIVERS REVETON RANSOMWARE IN ATTEMPTS TO EXTORT MONEY

[Win32:Virut]

Reveton

MD5: 6599ac9457b9b5e9ca0acd462cfad5bc

https://www.virustotal.com/file/86ae4f6 ... /analysis/

[dumb110]

Anybody has samples for this malware??Please..

[Mut4nt]

http://www.kernelmode.info/forum/viewto ... ba0#p12786

[Cody Johnston]

I don't have a dropper for it, but here are the files. Here's how to run it:

copy the exe to a location on your hdd
copy the ctfmon shortcut into the startup folder
change the arguments in the ctfmon shortcut to match your file location
launch the shortcut or reboot

https://www.virustotal.com/file/0e65b51 ... /analysis/

MD5:

d3d0ceca177eb65084dda9c287ae2649

[dumb110]

thanks a lot guys! :D

[Kafeine]

This is Reveton.
See https://www.botnets.fr/index.php/Reveton (Can't retrieve Portugal.. :'( )
You can launch it via : rundll32 "path/to/sample",FQ10

[leeno]

Looking for these samples :

http://www.cbc.ca/news/canada/ottawa/st ... -scam.html
http://www.f-secure.com/v-descs/trojan_ ... eton.shtml

help highly appreciated !

Any one with reference to live CnC