Rannoh

From Botnets.fr
Jump to: navigation, search

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Rannoh
Alias Trustezeb
Group Police lock
Parent
Sibling
Family
Relations Variants:

Sibling of:
Parent of:
Distribution of:
Campaigns:

Target Microsoft Windows
Origin
Distribution vector
UserAgent Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.0; .NET CLR 1.0.2914)
CCProtocol HTTP (Centralized)
Activity 2012 /
Status
Language
Programming language
Operation/Working group

Introduction

Rançongiciel qui chiffre les fichiers du disque dur et les renommes sous la forme: “locked-<nom original>.<4 caractères aléatoire>”

 MD5: c36c46f4de045ef332decc006694db6e
 MD5: 81ff324d2023d8ecb98a127b87d51450
 MD5: 51b046256db58b603a27eba8dee05479 2013-01-18

C&C Call

 manualvilvotakano .com/una2/SF6344-GWXS-WEQOZ6.php?ltype=lk&id=[REDACTED]&ver=02.063&win=Windows_7_(64_bit)&loc=0x0409&cmd=pcc  2013-01-18
 manualvilvotakano .com/una2/SF6344-GWXS-WEQOZ6.php?ltype=lk&id=[REDACTED]&ver=02.063&win=Windows_7_(64_bit)&loc=0x0409&cmd=msg  2013-01-18

Features

Associated images

Checksums / AV databases

Publications

 AuthorEditorYear
Attention! All data on your hardrive is encryptedTomas Prochazka
Michal Cebak
AVG2013
Etude sur le fonctionnement du Trojan.Matsnu.1 codant les données des utilisateursDr.Web2012
Malware analysis Rannoh/MatsnuPaul Rascagnères
Hugo Caron
Malware.lu2012
Ransomware ‘Holds Up’ victimsSravan GanachariMcAfee2012
Reversing malware loaders - The Matsnu-A CaseKyriakos Economou2012
What’s the buzz with BafruzMicrosoft2012

Lien externe