[Community-sigs] SADStory ransomware
Askar Dyussekeyev
dyussekeyev at yandex.kz
Thu Mar 30 10:07:34 EDT 2017
Hello!
Here is a signature for the SADStory ransomware.
Info:
- https://twitter.com/malwrhunterteam/status/845356853039190016
Samples:
- https://virustotal.com/ru/file/5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c/analysis/
- https://www.hybrid-analysis.com/sample/5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c?environmentId=100
The signature for the Python-based filecryptor (sha256: 5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c) looks for a specific string:
Win.Filecryptor.SADStory:1:2453236:6C7563696665722E666F6F6C4079616E6465782E636F6D??????????????????????68747470733A2F2F7777772E6C696C7977686F2E69652F6A732F78617865702F
Best regards,
Askar
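
The following is an added example, not part of the original post and not ClamAV's own code. It reads the signature line above as a ClamAV extended (.ndb) entry, `Name:TargetType:Offset:HexSignature`, so a reviewer can see which literal strings it anchors on and check it against a buffer. The function names are hypothetical, the test buffer is constructed, and only literal bytes, `??` wildcards, and `*` or absolute offsets are handled.

```python
import re

# Signature line copied verbatim from the post above.
SIG = ("Win.Filecryptor.SADStory:1:2453236:"
       "6C7563696665722E666F6F6C4079616E6465782E636F6D"
       "??????????????????????"
       "68747470733A2F2F7777772E6C696C7977686F2E69652F6A732F78617865702F")

TARGET_TYPES = {0: "any file", 1: "PE executable", 6: "ELF"}  # subset of ClamAV's list

def parse_ndb(line):
    """Split an extended signature and compile its hex body to a bytes regex."""
    name, target, offset, body = line.strip().split(":")[:4]
    if not re.fullmatch(r"(?:[0-9A-Fa-f]{2}|\?\?)+", body):
        raise ValueError("only literal bytes and ?? wildcards are handled here")
    tokens = re.findall(r"..", body)          # one token per signature byte
    pattern = b"".join(b"." if t == "??" else re.escape(bytes.fromhex(t))
                       for t in tokens)
    return {"name": name, "target": int(target), "offset": offset,
            "tokens": tokens, "regex": re.compile(pattern, re.DOTALL)}

def literal_runs(sig):
    """Return the fixed strings between wildcard gaps, decoded for review."""
    runs, cur = [], bytearray()
    for t in sig["tokens"] + ["??"]:          # sentinel flushes the last run
        if t == "??":
            if cur:
                runs.append(cur.decode("ascii", "replace"))
                cur = bytearray()
        else:
            cur += bytes.fromhex(t)
    return runs

def matches(sig, data):
    """'*' matches anywhere; a number means the body starts at that absolute offset."""
    if sig["offset"] == "*":
        return sig["regex"].search(data) is not None
    return sig["regex"].match(data, int(sig["offset"])) is not None

def constructed_sample(sig, filler=b"A"):
    """Constructed buffer: zero padding up to the offset, then the body with wildcards filled."""
    body = b"".join(filler if t == "??" else bytes.fromhex(t) for t in sig["tokens"])
    return b"\x00" * int(sig["offset"]) + body

if __name__ == "__main__":
    sig = parse_ndb(SIG)
    print(sig["name"], "| target:", TARGET_TYPES.get(sig["target"]), "| offset:", sig["offset"])
    print("literal runs:", literal_runs(sig))
    print("constructed sample matches:", matches(sig, constructed_sample(sig)))
```

Because the offset field is an absolute number rather than `*`, the signature only fires when the string sits at exactly that position, so it is tied to this one build of the sample.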