Casier

From Botnets.fr

Casier
Alias: Retacino, Karagny.L, Undefined-07
Group: Police lock, Ransomware
Parent: Goldenbaks
Sibling:
Family:
Relations:
  Variants:
  Sibling of:
  Parent of:
  Distribution of:
  Campaigns:
Target: Microsoft Windows
Origin:
Distribution vector:
UserAgent:
CCProtocol:
Activity: 2012 /
Status:
Language:
Programming language:
Operation/Working group:

Introduction

Samples of the Karagny.L (? MS) Dropper: MD5:


http:

 logunasens10.in POST /image/9rs/price.php 64.62.146.82 
 lewinckybest50.in POST /image/vladiny/price.php HTTP/1.1 64.62.146.81  04/09/12
 87.107.121.138 POST /price.php  21/10/12 - SubC&C

Features


Associated images

Checksums / AV databases

Publications

Title | Author | Editor | Year
Gangstaservice Winlock Affiliate | Xylitol | Xylibox | 2012
Karagny.L unpack | RootBSD | Malware.lu | 2012
Ransomware Casier - Sharing Design with Lyposit - Gaelic & Persian ( | Kafeine | | 2012
Ransomware « Trojan.Casier » Panel | Malekal morte | Malekal | 2012