Casier

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Casier
Alias	Retacino, Karagny.L, Undefined-07
Group	Police lock, Ransomware
Parent	Goldenbaks
Sibling
Family
Relations	Variants: Sibling of: Parent of: Distribution of: Campaigns:
Target	Microsoft Windows
Origin
Distribution vector
UserAgent
CCProtocol
Activity	2012 /
Status
Language
Programming language
Operation/Working group

Introduction

Samples of the Karagny.L (? MS) Dropper: MD5:

 69e83126e526bda1edb44c802d9a1a6c
 13d4fa60a9bd7c12c0020ec3031cdc8e
 f3b37ec88b279cb6f6a10df5104543c1
 884f5d75b9ed1dcf9248a2378f82db72
 1b0edaa16e19954f319088fbf5f67829
 9a42acc44c3ab4435e3c160d8bcfaead 28/08/2012
 df2dc152f63576fda0c1bcd846840d65 04/09/12
 a4811501e920c5f39229dbbca41aa816 21/10/12

http:

 logunasens10.in POST /image/9rs/price.php 64.62.146.82 
 lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81  04/09/12
 87.107.121.138 POST /price.php  21/10/12 - SubC&C

Features

Affiliation

Associated images

Casier AT (09-2012)
Casier BE (09-2012)
Casier DE (08-2012)
Casier DE (09-2012)
Casier DK (09-2012)
Casier ES (09-2012)
Casier FR (08-2012)
Casier FR (09-2012)
Casier IE (09-2012)
Casier LU (09-2012)
Casier NL (09-2012)
Casier PL (08-2012)
Casier PL (09-2012)
Casier UK (09-2012)
Casier US (09-2012)

Checksums / AV databases

Publications

	Author	Editor	Year
Gangstaservice Winlock Affiliate	Xylitol	Xylibox	2012
Karagny.L unpack	RootBSD	Malware.lu	2012
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian (	Kafeine		2012
Ransomware « Trojan.Casier » Panel	Malekal morte	Malekal	2012