Encryptor RaaS

#26391 by Cody Johnston
Mon Jul 27, 2015 8:23 pm

I came across this post on Reddit today, looks like someone has a new Ransomware As A Service up and running.

Original Thread:

https://www.reddit.com/r/Malware/commen ... ansomware/

Generate Encryptor:

hxxp://encryptor3awk6px.onion/

Get Decrypter:

hxxp://decryptoraveidf7.onion/

The interface is very plain:

Builder:

Decrypter:

Encrypts the following file extensions:

Code: Select all

.3ds.3g2.3gp.7z.abw.accdb.ai.aif.arc.as.asc.asf.ashdisc.asm.asp.aspx.asx.aup.avi.bbb.bdb.bibtex.bkf.bmp.bpn.btd.bz2.c.cdi.cer.cert.cfm.cgi.cpio.cpp.crt.csr.cue.c++.dds.dem.dmg.doc.docm.docx.dsb.dwg.dxf.eddx.edoc.eml
.emlx.eps.epub.fdf.ffu.flv.gam.gcode.gho.gif.gpx.gz.h.hbk.hdd.hds.hpp.h++.ics.idml.iff.img.indd.ipd.iso.isz.iwa.j2k.jp2.jpf.jpeg.jpg.jpm.jpx.jsp.jspa.jspx.jst.key.keynote.kml.kmz.lic.lwp.lzma.m3u.m4a.m4v.max.mbox.md2.mdb
.mdbackup.mddata.mdf.mdinfo.mds.mid.mov.mp3.mp4.mpa.mpb.mpeg.mpg.mpj.mpp.msg.mso.nba.nbf.nbi.nbu.nbz.nco.nes.note.nrg.nri.ods.odt.ogg.ova.ovf.oxps.p2i.p65.p7.pages.pct.pdf.pem.phtm.phtml.php.php3.php4.php5
.phps.phpx.phpxx.pl.plist.pmd.pmx.png.ppdf.pps.ppsm.ppsx.ppt.pptm.pptx.ps.psd.pspimage.pst.pub.pvm.qcn.qcow.qcow2.qt.ra.rar.raw.rm.rtf.s.sbf.set.skb.slf.sme.smm.spb.sql.srt.ssc.ssi.stg.stl.svg.swf.sxw.syncdb.tar.tc.tex
.tga.thm.tif.tiff.toast.torrent.tpl.ts.txt.vbk.vcard.vcd.vcf.vdi.vfs4.vhd.vhdx.vmdk.vob.wbverify.wav.webm.wmb.wpb.wps.xdw.xlr.xls.xlsx.xz.yuv.zip.zipx

VT for a fresh "demo" encryptor sample (0/55 as of this post):

MD5 d87ba0bfce1cdb17fd243b8b1d247e88
SHA1 123dd6ef839dd502a10070f0242d925bf75ce96e
SHA256 a8a88dde42ab96300854a803685db61c1e237633f0a6e51fbdb42aa39fa5abd9
https://www.virustotal.com/en/file/a8a8 ... 438027933/

Attachments

encryptor_raas.zip

Password: infected
(99.95 KiB) Downloaded 80 times

Username

Cody Johnston

Posts

157

Joined

Sun May 01, 2011 4:33 pm

Location

Los Angeles, CA

Contact

Encryptor RaaS

Encryptor RaaS

Attachments

Re: Encryptor RaaS