A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #29188  by xors
 Tue Sep 06, 2016 10:41 pm
One more
Attachments
password:infected
 #29195  by tim
 Wed Sep 07, 2016 11:31 am
Anyone got a copy of the decrypter you get if you pay the ransom?
 #29197  by xors
 Wed Sep 07, 2016 3:56 pm
ikolor wrote:Image
Please upload the sample and not an encrypted file
 #29228  by sysopfb
 Wed Sep 14, 2016 10:55 pm
ikolor wrote:next

https://www.virustotal.com/en/file/4ef2 ... 473348995/

Smoke Loader
ikolor wrote: next..

https://www.virustotal.com/en/file/e755 ... 473862240/
Teerac - Torrent Locker variant with subdomain generation algorithm
ikolor wrote: next..

https://www.virustotal.com/en/file/83fd ... 473881070/
Encoded data - looks like a Locky download by JavaScript if I had to guess
 #29273  by xors
 Mon Sep 26, 2016 8:55 pm
It uses a new extension, '.odin'
Attachments
password:infected
 #29302  by flrud2208
 Sat Oct 01, 2016 7:18 am
Locky is now using the .odin extension.

Attached file came through email.

pass - infected123