Ransom.ExpBoot#2 (19.07.08)

petr0vic

https://c-t.work/s/d8c8fa335f3b4c

infected

https://twitter.com/petrovic082/status/1148300229051113473

Please send samples to vendors after the test

petr0vic

kis 20
default settings
miss

petr0vic

Q: What is wrong with my file?\r\nA: Oops, your important files are encrypted. This means you will no longer be able to access them until you decrypt them.\r\nIf you follow our instructions, we guarantee that you can decrypt all files quickly and safely!\r\n\r\nQ: What should I do?\r\nA: First of all, you need to pay a service fee for decryption, a total of 10,000 batteries.\r\nPlease charge 10,000 batteries to this user (UID: 185636167)\r\nFollow the instructions! (You may need to temporarily disable anti-virus software.)\r\nAfter opening the link, click the charging button on the right to charge 10,000 batteries and leave a message for your contact. (only for your email)\r\n\r\nQ: How can I believe it?\r\nA: Don't worry about decryption.\r\nWe will definitely decrypt your files, because if we deceive users, no one will trust us.

1. xxxs://space.bilibili.com/185636167

复制代码

Jirehlov1234

09.07.2019 06.38.19;检测到的对象 ( 文件 ) 已删除;E:\TEST\Vir (1)\exp.exe;E:\TEST\Vir (1)\exp.exe;UDS:Trojan-Ransom.MSIL.Encoder.gen

09.07.2019 06.38.19;检测到的对象 ( 文件 ) 已移动至隔离;E:\TEST\Vir (1)\exp1.exe;E:\TEST\Vir (1)\exp1.exe;UDS:Trojan-Ransom.MSIL.Encoder.gen

www-tekeze

智量Heur清空，火绒miss all，有空双击。。

liangxy

eset miss all

Nocria

To ESET.

1. <div>2019/7/9 8:44:39;ESET Kernel;File  'C:\Users\promi\Desktop\Vir\exp.exe' was sent to ESET for analysis.;SYSTEM</div><div>2019/7/9 8:44:46;ESET Kernel;File  'C:\Users\promi\Desktop\Vir\exp1.exe' was sent to ESET for analysis.;SYSTEM</div>

复制代码

桑德尔

ESET Miss

B100D1E55

桑德尔 发表于 2019-7-9 08:55
ESET Miss

才夸了一下就二次扑街，刚刚提交了样本……

a233

Avast Miss all
双击exp.exe  防御成功


exp1.exe  防御成功