Felipe osorio, Posted August 3

One of our clients was attacked by malware that encrypted various archives from a group of shared folders. The variants were identified as Win32/Kryptik.HTZJ and MSIL/Kryptik.AHUA. I added a .txt with the rescue message copied on the computers. If you can provide us more information about this malware and whether there is a way to decrypt the files, we would appreciate your help.

NotaRescate.txt

Marcos (Administrators), Posted August 4

88F122036D62EF4388E356C832CE6A85BDBF1BC1 seems to be Win32/Agent.AFPR trojan, not the ransomware itself. As for the other file, we don't have it so I can't tell what it is exactly. Please check your personal messages, I've asked for additional logs and a couple of encrypted files as well.

itman, Posted August 4

I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

safety, Posted August 8

On 8/4/2023 at 10:18 PM, itman said:
> I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

I assume that he opened (or launched) a malicious file from the archive using legal Winrar. A ransom note and a couple of encrypted files, if any, are needed to at least determine the type of encryption.