Ransom.EY

From Botnets.fr
Jump to: navigation, search

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Ransom.EY
Alias Ransomgerpo
Group Police lock, Ransomware
Parent
Sibling
Family
Relations Variants:

Sibling of:
Parent of:
Distribution of:
Campaigns:

Target
Origin
Distribution vector
UserAgent
CCProtocol
Activity 2011 / 2013-02-13
Status
Language
Programming language
Operation/Working group

Introduction

  • n'est pas un silent Winlocker.
  • la localisation est propre au binaire semble-il.
  • Un de ses développeurs/administrateurs aurait été interpellé à Dubaï suite à une enquête de la police espagnole.

md5 (most of them provided by Symantec) :

 2a343e2840ad4c38e00aa2d4f0a18d63
 5841bd6493edf3c8539d72a1515cdd73
 058923fb0cc862790d2a97bdd4b28884
 335cbb6129efeb0b79dc2fe50ebb42b1
 f76264b3f771e757a0c22799d22e0ac7
 308424e866c86dc979cf13cad2a98b0d
 5f98dd6149ac85b6d5f50a613dda4212
 5cedfeab91a1de56878e9f3fa9626a17
 cedfe0b8fdd42c735af26549963da480
 1e698a07158acc2b2146455cb396661b
 bde20108f9d0def9e97476661aff3452
 5393d2384faa8e87f8066771833f5a0d
 8ddf6006aebdef3d9fc6b5348b63d9c3
 30cd69fe28bae14bda5a5e04867368aa
 31c12b227ed897fb44cfff1620411afc
 4dcc387dda16a82badcba27ddda3ae29
 76951ff824e90ea2f1f15f101097ffc3
 50aafd2ec42cf21c237d6146da8bb4ec
 c7d9a6ee7b2fa9857b4b9be224cc3821
 89c7b959e1146673515a66736b1ce11b
 2d16bb9add3f91b2100001a6fce0af9a
 6ec959eb9b0d3615aa73f4f36d9304d2
 046d5e83393c1db9337fe8fc1e75665c
 c6232038564c1be8554364a59ca2d5b0
 541662fe54e7607fcccba98051ebed36
 9e944dabf9c9f8bc0ff6ec0dedce4455
 0535086fb1b7d8a37b2c9dd16f9a805d
 25d6614cfc404230d25acfcafb437964
 73cecdbb872be4a7696d3d4c0e19ab09
 6bec7eedd51991f582d740ab4ab523e1
 239c06e68877d91687ba5ed1ccd6c105
 ec099770bebc022be1bde101f82c884a
 ef3a5eb4a85a388edf7a7e083136edc4
 4e4bd9a5c01ed4ea01bd3246f16bae0c
 95683e88c71ee372314ad8953ce9e241
 e2bb0028313ba43a2a92da484dea5a35
 caff8f57c1c650843bdc71daf398d2c3
 1d8c4a3320d0abad037311ae3fd9fbe2
 430f57a5cffdf698cd9c97d86062252d
 65e9ef4efd7366d659f3acece1370c07
 6ac9f81c2be49c77dbec0ad5f6fc95c6
 2a343e2840ad4c38e00aa2d4f0a18d63 20/11/12

Http get:

 37.221.162.6 /i.php?a=866 20/11/12

Features

Associated images

Checksums / AV databases

Publications

 AuthorEditorYear
Trojan.Ransomgerpo criminal arrestedSymantec Security ResponseSymantec2013