DOS NUEVAS VARIANTES DE RANSOMWARE TESLACRYPT GENERADOS POR DOWNLOADER NEMUCOD RECIBIDOS ANEXADOS A MAIL MASIVOS

De la monitorización de ficheros anexados a e-mails masivos, que ayer controlabamos como variantes de NEMUCOD, hemos obtenido estos dos Ransomwares TESLACRYPT que añaden .VVV a la extension de los ficheros cifrados.

Los dos ejecutables en cuestión pasan a ser controlados a partir del ELISTARA 33.53 de hoy

Los preanalisis de virustotal de dichos ransomwares ofrecen los siguientes informes:

MD5 d65838fcc90378f965f642c5aa524fd4
SHA1 04379660c36bd42279cfa8fa3600efad3bc0c94d
File size 340.0 KB ( 348160 bytes )
SHA256: a9d40935c9715742b4cb60c8ddd66de11e163de80da27282d6e4b0ace637fe5b
File name: fgcepacroic.exe
Detection ratio: 29 / 54
Analysis date: 2015-12-11 08:53:44 UTC ( 3 minutes ago )

0 4

Antivirus Result Update
AVG Dropper.Generic9.AFFN 20151211
AVware Win32.Malware!Drop 20151211
Ad-Aware Trojan.GenericKD.2920722 20151211
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20151211
Arcabit Trojan.Generic.D2C9112 20151211
Avast Win32:Malware-gen 20151211
Avira TR/Dropper.Gen8 20151211
Baidu-International Trojan.Win32.Filecoder.EM 20151211
BitDefender Trojan.GenericKD.2920722 20151211
Bkav HW32.Packed.8F1D 20151210
DrWeb Trojan.Encoder.3219 20151211
ESET-NOD32 Win32/Filecoder.EM 20151211
Emsisoft Trojan-Ransom.Win32.TeslaCrypt (A) 20151211
F-Secure Trojan.GenericKD.2920722 20151211
Fortinet W32/Injector.COBY!tr 20151211
GData Trojan.GenericKD.2920722 20151211
Ikarus Trojan.Dropper 20151211
K7AntiVirus Riskware ( 0040eff71 ) 20151211
Kaspersky Trojan-Ransom.Win32.Bitman.aia 20151211
Malwarebytes Ransom.TeslaCrypt 20151211
McAfee GenericR-FHR!D65838FCC903 20151211
McAfee-GW-Edition BehavesLike.Win32.Downloader.fh 20151211
MicroWorld-eScan Trojan.GenericKD.2920722 20151211
Microsoft VirTool:Win32/CeeInject.gen!E 20151211
Qihoo-360 HEUR/QVM19.1.Malware.Gen 20151211
Rising PE:Trojan.Ransom-Tesla!1.A322 [F] 20151210
VIPRE Win32.Malware!Drop 20151211
ViRobot Trojan.Win32.R.Agent.348160.J[h] 20151211
nProtect Trojan/W32.Bitman.348160.C 20151211
y el otro similar que tambien pasamos controlar:
MD5 1b1af48fe1763db5e870208926beeb96
SHA1 fb8dd94834055ca2f408655175eae0909bdd2469
File size 344.0 KB ( 352256 bytes )
SHA256: 59ec60f232b17f3c80b05d3bd11f25978bbdd98bafdb323457993693e5cfd530
File name: bdvelacroic.exe
Detection ratio: 33 / 53
Analysis date: 2015-12-11 09:00:10 UTC ( 2 minutes ago )

0 2
Antivirus Result Update
AVG Zbot.AKRH 20151211
AVware Trojan.Win32.Generic!BT 20151211
Ad-Aware Trojan.GenericKD.2920305 20151211
AhnLab-V3 Win-Trojan/Teslacrypt.Gen 20151211
Antiy-AVL Trojan/Generic.ASMalwS.1605FD8 20151211
Arcabit Trojan.Generic.D2C8F71 20151211
Avast Win32:Malware-gen 20151211
Avira TR/Dropper.Gen8 20151211
Baidu-International Trojan.Win32.Yakes.nsbv 20151211
BitDefender Trojan.GenericKD.2920305 20151211
Bkav HW32.Packed.6DC3 20151210
Cyren W32/Trojan.CJXG-7645 20151211
DrWeb Trojan.Encoder.3158 20151211
ESET-NOD32 Win32/Filecoder.EM 20151211
Emsisoft Trojan.GenericKD.2920305 (B) 20151211
F-Prot W32/Trojan3.STJ 20151211
F-Secure Trojan.GenericKD.2920305 20151211
GData Trojan.GenericKD.2920305 20151211
Ikarus Trojan-Ransom.TeslaCrypt 20151211
K7AntiVirus Trojan ( 004b56ff1 ) 20151211
K7GW Trojan ( 004b56ff1 ) 20151211
Kaspersky Trojan.Win32.Yakes.nsbv 20151211
Malwarebytes Ransom.TeslaCrypt 20151211
McAfee Artemis!1B1AF48FE176 20151211
McAfee-GW-Edition Artemis!Trojan 20151211
MicroWorld-eScan Trojan.GenericKD.2920305 20151211
Qihoo-360 Win32/Trojan.Dropper.24a 20151211
Rising PE:Trojan.Ransom-Tesla!1.A322 [F] 20151210
TrendMicro Ransom_CRYPTESLA.XXYZ 20151211
TrendMicro-HouseCall Ransom_CRYPTESLA.XXYZ 20151211
VIPRE Trojan.Win32.Generic!BT 20151211
ViRobot Trojan.Win32.R.Agent.352256.D[h] 20151211
nProtect Trojan.Agent.BPAG 20151211

Dicha versión del ELISTARA 33.53 que los detecta y elimina, estará dispponible en nuestra web a partir de las 15 h CEST de hoy

saludos

ms, 11-12-2015