[ikolor]

Next..
https://www.virustotal.com/en/file/cfac ... 528389829/

[Antelox]

Next..
https://www.virustotal.com/en/file/cfac ... 528389829/

GandCrab ransomware js downloader

Payload: https://www.virustotal.com/en/file/dfa1 ... /analysis/

BR,

Antelox

[ikolor]

Request what is inside file .?????? 3 files

https://www.virustotal.com/en/file/3427 ... 541699001/

[Antelox]

Request what is inside file .?????? 3 files

https://www.virustotal.com/en/file/3427 ... 541699001/

MD5: 65b46fb8657bb696cd7fe3726b12ecff - AZORult with c2: hxxp://51.15.232.106/BB75F2F4-BB44-4C51-A62C-4A43BF10EE11/index.php

MD5: de030d9ae03c9a8d2bee41c0df01ee4d - GandCrab ransomware

MD5: 963e94ed59de1084eec4545380cd2386 - it seems just an infection reporter by logging number of requests to hxxps://2no.co/1FBR47

BR,

Antelox

[711PartTimeJob]

The specific variant I have is version 5.0.4.
I found it included with a version of the fastfolders installer that is bundled with various malware.
Encrypted files are marked with a .lhvguht extension.
Sets the following wallpaper:

MD5: de030d9ae03c9a8d2bee41c0df01ee4d
SHA-1: 1ebc7cb36a0f2d5b857de4f1c73f2c0b880c8629
SHA-256: a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926
VT [34/66]: https://www.virustotal.com/#/file/a45bd ... 47435fe926

a45bd4059d804b586397f43ee95232378d519c6b8978d334e07f6047435fe926.zip

pw=infected
(245.42 KiB) Downloaded 64 times