Noblis is an in-development ransomware written in Python and packed with PyInstaller.
You can refer to my previous blog post to learn how to identify and reverse Python-built executables.
We have the following sample:
Hash : 3BEEE8D7F55CD8298FCB009AA6EF6AAE [App.Any]
The sample is UPX packed; after unpacking...
This is all about malware analysis, reverse engineering and some cool stuff
Wednesday, 13 December 2017
Monday, 11 December 2017
Analysis of File-Spider Ransomware
December 11, 2017
Posted by SDKHERE
FileSpider, MS Word, MSIL, PowerShell, Ransomware, Spider
MD5: de7b31517d5963aefe70860d83ce83b9 [VirusTotal]
FileName: BAYER_CROPSCIENCE_OFFICE_BEOGRAD_93876.doc
FileType: MS Word Document
The Word file has an embedded macro.
When you look into the macro code, you will find the snippet below.
Private Function decodeBase64(ByVal strData As String) As Byte()
Dim...
Friday, 1 December 2017
Analysis of LockCrypt ransomware

Introduction:
Attackers have recently been breaking into corporate servers via RDP brute-force attacks to spread a new variant of ransomware called LockCrypt. The attacks first started in June, but there was an increase in attacks in October. The victims were asked to pay 0.5 to 1 BTC to recover their...