[Community-sigs] SADStory ransomware
Christopher Marczewski
cmarczewski at sourcefire.com
Thu Mar 30 10:19:18 EDT 2017
Askar,
Thank you again for another submission this week. This signature is
currently under review.
We'll be sure to keep you posted.
On Thu, Mar 30, 2017 at 10:07 AM, Askar Dyussekeyev <dyussekeyev at yandex.kz>
wrote:
> Hello!
>
> There is a signature for SADStory ransomware.
>
> Info:
> - https://twitter.com/malwrhunterteam/status/845356853039190016
>
> Samples:
> - https://virustotal.com/ru/file/5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c/analysis/
> - https://www.hybrid-analysis.com/sample/5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c?environmentId=100
>
> Signature for Python-based filecryptor (sha256:
> 5ffcc8e0a35446289fd8c8f5dff03590bb7eac02b665b364bb87b2961797401c) looks
> for a specific string:
> Win.Filecryptor.SADStory:1:2453236:6C7563696665722E666F6F6C4079616E6465782E636F6D??????????????????????68747470733A2F2F7777772E6C696C7977686F2E69652F6A732F78617865702F
>
> Best regards,
> Askar
--
Christopher Marczewski
Research Engineer
Talos Group
cmarczewski at sourcefire.com
Phone: 443.832.2975
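
The signature quoted in the submission above uses ClamAV's extended (.ndb) layout, `MalwareName:TargetType:Offset:HexSignature`. The following Python is an added example, not part of the original thread or of ClamAV itself: it splits that line into its fields, decodes the literal byte runs on either side of the `??` wildcards so a reviewer can read what the signature keys on, and tests a buffer at the stated absolute offset. The function names are hypothetical, only the subset of the hex syntax used by this signature is handled, and the PE target check is reduced to the `MZ` magic.

```python
import re

# Signature line copied from the submission above. Extended (.ndb) layout:
# MalwareName:TargetType:Offset:HexSignature
SIG = ("Win.Filecryptor.SADStory:1:2453236:"
       "6C7563696665722E666F6F6C4079616E6465782E636F6D"
       "??????????????????????"
       "68747470733A2F2F7777772E6C696C7977686F2E69652F6A732F78617865702F")

def parse_ndb(line):
    """Split an extended signature into its four mandatory fields."""
    name, target, offset, hexsig = line.strip().split(":")[:4]
    return {"name": name, "target": int(target), "offset": offset, "hexsig": hexsig}

def fixed_strings(hexsig):
    """Decode the literal runs between ?? wildcards so a reviewer can read them."""
    runs = re.split(r"(?:\?\?)+", hexsig)
    return [bytes.fromhex(r).decode("latin-1") for r in runs if r]

def hexsig_to_regex(hexsig):
    """Compile fixed bytes and ?? wildcards to a bytes regex.
    Other constructs (*, {n-m}, alternation, nibble wildcards) are rejected."""
    tokens = re.findall(r"[0-9A-Fa-f]{2}|\?\?", hexsig)
    if "".join(tokens) != hexsig:
        raise ValueError("unsupported construct in hex signature")
    parts = [b"." if t == "??" else re.escape(bytes.fromhex(t)) for t in tokens]
    return re.compile(b"".join(parts), re.DOTALL)

def matches(sig, data):
    """Test a buffer against the signature at an absolute offset, or anywhere for '*'.
    Simplification: target type 1 (PE) is approximated by checking for the MZ magic."""
    if sig["target"] == 1 and data[:2] != b"MZ":
        return False
    rx = hexsig_to_regex(sig["hexsig"])
    if sig["offset"] == "*":
        return rx.search(data) is not None
    return rx.match(data, int(sig["offset"])) is not None

if __name__ == "__main__":
    sig = parse_ndb(SIG)
    print(sig["name"], "target:", sig["target"], "offset:", sig["offset"])
    for text in fixed_strings(sig["hexsig"]):
        print("  literal run:", text)
```

Because the offset is absolute, a buffer carrying the same two strings even one byte away from 2453236 does not match, which ties the signature to this particular build of the sample.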