SIGUEN LLEGANDO MAILS INFECTADOS CON CRYPTOLOCKER.ENC

Como en estos últimos días, van llegando mails anexando fichero Carta_Certificada.js cuya ejecución descarga e instala nuevas variantes del Cryptolocker.enc, que añade .enc a los ficheros cifrados.

El preanalisis de virustotal de las últimas 4 variantes recibidas, ofrecen los siguientes informes:

variante de Cryptolocker.ENC
controlado a partir de ELISTARA 35.15
www.satinfo.es

MD5 959e37a009c1530567d17913bf408685
SHA1 fcf5cbe1a4940a2c469459e85c16221f6acd842c
File size 563.5 KB ( 577024 bytes )
SHA256: 4d57eeab8453e919f63cbcea62bfc31bec063b12f563b0cdddbf9b4264f6b807
File name: aqeqybyx.exe
Detection ratio: 10 / 58
Analysis date: 2016-09-06 11:30:35 UTC ( 7 minutes ago )
0
1

Antivirus Result Update
AegisLab Uds.Dangerousobject.Multi!c 20160906
Avast Win32:Malware-gen 20160906
Avira (no cloud) TR/Crypt.ZPACK.tleee 20160906
Baidu Win32.Trojan.Kryptik.alb 20160906
Bkav HW32.Packed.BC27 20160905
CrowdStrike Falcon (ML) malicious_confidence_85% (W) 20160725
Invincea ransom.win32.cerber.a 20160830
Kaspersky UDS:DangerousObject.Multi.Generic 20160906
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160906
Rising Malware.Generic!ZX4JYVOY16U@2 (thunder) 20160906

MD5 daef95ce4653da11a3b60b872ca830cc
SHA1 2db848f2e117b753f1eeac73ab66efaee00f2159
File size 429.5 KB ( 439808 bytes )

SHA256: 52f0d72b286fd2e66352e27b15dff560159d10bf015c124995662e85afac39c2
File name: egsmanul.exe
Detection ratio: 14 / 58
Analysis date: 2016-09-06 12:42:44 UTC ( 2 minutes ago )
0
1

Antivirus Result Update
Avast Win32:Malware-gen 20160906
TotalDefense Win32/FakeMS.WOCR 20160906
Baidu Win32.Trojan.Kryptik.anp 20160906
Cyren W32/Cerber.F.gen!Eldorado 20160906
F-Prot W32/Cerber.F.gen!Eldorado 20160906
Kaspersky UDS:DangerousObject.Multi.Generic 20160906
Invincea trojandropper.win32.bunitu.g 20160830
Symantec Ransom.TorrentLocker 20160906
Malwarebytes Ransom.Crypt0L0cker 20160906
Rising Malware.Generic!jSZX0m9kHmO@2 (thunder) 20160906
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Bkav HW32.Packed.60BC 20160905
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160906
ESET-NOD32 a variant of Win32/Kryptik.FFTA 20160906

MD5 5c499270cebdcaf277c466260ba931ea
SHA1 2ed4c6b78e29e308ef69b09cb88188a19d35f803
File size 563.5 KB ( 577024 bytes )
SHA256: d347c41aae1c771f19b5b6eb7f14df8e40a1f4f21494ce84de474d753170f132
File name: file.exe
Detection ratio: 6 / 58
Analysis date: 2016-09-06 11:18:50 UTC ( 1 hour, 27 minutes ago )
0
1

Antivirus Result Update
Baidu Win32.Trojan.Kryptik.alb 20160906
Bkav HW32.Packed.FAB9 20160905
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20160725
Invincea ransom.win32.cerber.a 20160830
Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20160906
Rising Malware.Generic!ZX4JYVOY16U@2 (thunder) 20160906

MD5 60f972497d5ce25ab7233c2d9b234a87
SHA1 60ea60e87b109916ef712023693809efbcb08e0e
File size 429.5 KB ( 439808 bytes )
SHA256: 7c80f443222d0e7b9464e394f526326e0ce59ecd05e21c917ff49b2bac419fc3
File name: file.exe
Detection ratio: 14 / 57
Analysis date: 2016-09-06 12:01:32 UTC ( 47 minutes ago )
0
1

Antivirus Result Update
AhnLab-V3 Trojan/Win32.Agent.N2098448382 20160906
Avast Win32:Malware-gen 20160906
Avira (no cloud) TR/Crypt.Xpack.fgf 20160906
Baidu Win32.Trojan.Kryptik.anp 20160906
Bkav HW32.Packed.725C 20160905
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20160725
Cyren W32/Cerber.F.gen!Eldorado 20160906
DrWeb Trojan.PWS.Siggen1.56644 20160906
ESET-NOD32 a variant of Win32/Kryptik.FFTA 20160906
F-Prot W32/Cerber.F.gen!Eldorado 20160906
Fortinet W32/Kryptik.FFTA!tr 20160906
Invincea trojandropper.win32.bunitu.g 20160830
Rising Malware.Generic!jSZX0m9kHmO@2 (thunder) 20160906
Symantec Ransom.TorrentLocker 20160906

Dicha versión del ELISTARA 35.15 que los detecta y elimina, estará disponible en nuestra web a partir del 7-9-2016

saludos

ms, 6.9.2016