Felipe osorio, Posted August 3, 2023

One of our clients was attacked by malware that encrypted various archives from a group of shared folders. The variants were identified as Win32/Kryptik.HTZJ and MSIL/Kryptik.AHUA. I added a .txt with the rescue message copied on the computers. If you can provide us more information about this malware and if there is a way to decrypt the files, we appreciate your help.

NotaRescate.txt

Marcos (Administrators), Posted August 4, 2023

88F122036D62EF4388E356C832CE6A85BDBF1BC1 seems to be Win32/Agent.AFPR trojan, not the ransomware itself. As for the other file, we don't have it so I can't tell what it is exactly. Please check your personal messages, I've asked for additional logs and a couple of encrypted files as well.

itman, Posted August 4, 2023

I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

safety, Posted August 8, 2023

On 8/4/2023 at 10:18 PM, itman said:
> I would submit C:\Program Files\WinRar\WinRar.exe to VirusTotal for a scan and see if any of its scanners detect anything. It spawned the malicious .exe in the %Temp% directory.

I assume that he opened (or launched) a malicious file from the archive using legal Winrar. A ransom note and a couple of encrypted files, if any, are needed to at least determine the type of encryption.