Posted

One of our clients was attacked by malware that encrypted various archives from a group of shared folders.
The variants were identified as Win32/Kryptik.HTZJ and MSIL/Kryptik.AHUA.

I added a .txt with the rescue message copied on the computers.

Please let us know if you can provide us more information about this malware and if there is a way to decrypt the files.

We appreciate your help.

NotaRescate.txt

  • Administrators
Posted

88F122036D62EF4388E356C832CE6A85BDBF1BC1 seems to be Win32/Agent.AFPR trojan, not the ransomware itself. As for the other file, we don't have it so I can't tell what it is exactly. Please check your personal messages, I've asked for additional logs and a couple of encrypted files as well.

Posted

I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

Posted
On 8/4/2023 at 10:18 PM, itman said:

I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

I assume that he opened (or launched) a malicious file from the archive using legal Winrar.

A ransom note and a couple of encrypted files, if any, are needed to at least determine the type of encryption.

This topic is now closed to further replies.