MalwareDisasters is a division of MalwareIntelligence. It captures test information about the behavior of malicious code and offers the countermeasures needed to mitigate the malicious actions in question.

3.05.2010

Another very active SMS Ransomware

Ransomware activity originating in Russia doesn't stop; its operators constantly look for ways to run fraudulent businesses that feed on the information located in the system.

In this case, it's another ransomware that is In-the-Wild, and its detection rate is very low.

When the malicious binary is executed, it causes an alleged error in IE.

It creates a plain text file called xFoLOOOSErs.txt with the following information:

installed
19793214

It also creates a registry key.

The number stored in this file corresponds to the telephone number to which the user must send an SMS to unlock the system. However, this is not the only number the cybercriminal uses; the ransomware can also display any of the following:

1971482
19777877
197852
197971412

Furthermore, the activation number may vary between:

5370
5373
7250

Technical data:
MD5: 0cc435c5bfe3444ce7151f8f2a319728
SHA1: 9c00c70b220da9b59fc9be55d37d7a1f94abb2e0
File size: 71168 bytes
Packer: -
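
A host sweep built from the indicators in this report (the marker file's name and layout, and the sample's size, MD5 and SHA1), as an added example that is not part of the original post. The function names and the constructed test tree in `demo()` are assumptions for illustration; the report does not say where the marker file is written, so the sweep walks a whole directory tree.

```python
import hashlib
import tempfile
from pathlib import Path

# Indicators taken from the report above.
MARKER_NAME = "xfolooosers.txt"  # compared lower-cased
SAMPLE_SIZE = 71168
SAMPLE_MD5 = "0cc435c5bfe3444ce7151f8f2a319728"
SAMPLE_SHA1 = "9c00c70b220da9b59fc9be55d37d7a1f94abb2e0"

def is_marker(path):
    """True if the file holds 'installed' followed by an all-digit value."""
    try:
        tokens = path.read_text(errors="replace").split()
    except OSError:
        return False
    return len(tokens) >= 2 and tokens[0] == "installed" and tokens[1].isdigit()

def matches_sample(path):
    """Hash only files of the reported size; require both digests to match."""
    try:
        # Files of any other size are hashed as b"", which never matches.
        data = path.read_bytes() if path.stat().st_size == SAMPLE_SIZE else b""
    except OSError:
        return False
    return (hashlib.md5(data).hexdigest() == SAMPLE_MD5
            and hashlib.sha1(data).hexdigest() == SAMPLE_SHA1)

def sweep(root):
    """Return (kind, relative path) findings under root, in path order."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.name.lower() == MARKER_NAME and is_marker(path):
            findings.append(("marker", rel))
        elif matches_sample(path):
            findings.append(("sample", rel))
    return findings

def demo():
    """Constructed tree: a marker file, a same-named decoy, a same-size decoy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "sub").mkdir()
        (root / "xFoLOOOSErs.txt").write_text("installed\n19793214\n")
        (root / "sub" / "XFOLOOOSERS.TXT").write_text("shopping list\n")
        (root / "sub" / "pad.bin").write_bytes(b"\0" * SAMPLE_SIZE)
        return sweep(root)

if __name__ == "__main__":
    print(demo())
```

Checking the file's content as well as its name keeps an unrelated file that happens to share the name from being reported.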

Countermeasures
For any of the telephone numbers listed above that this ransomware variant uses, any of the following codes can be used:

0000000
1973143

Keep your antivirus program up to date.
