HackDig : Dig high-quality web security articles for hacker

CryptoFortress : Teerac.A (aka TorrentLocker) got a new identity

2015-03-05 01:10


Blitz post.
I was hunting for Gootkit (pushed in a Nuclear Pack instance in France those days), but instead I got a Teerac.A.

Nuclear Pack pushing Teerac.A via CVE-2013-2551 - FR - 2015-03-04
(have no sure explanation for the 444 error on the "undefined" and CVE-2015-0311 call in that pass).


As far as I know, Teerac.A (Microsoft's name), aka Torrent Locker, was using a "CryptoLocker" identity:



Clicking on the "Buy Decryption software" :



The sample I got today is showing its own identity: CryptoFortress


Clicking on the "Buy decryption software"


Samples : An old Torrent Locker and a fresh CryptoFortress
26f13c4ad8c1ccf81e80a556cf6db0af - 2014-10-25
e6dda3e06fd32fc3670d13098f3e22c9 - 2015-03-04


Read more :
(PDF) TorrentLocker - Ransomware in a country near you - 2014-12 - Marc-Etienne M.Léveillé - Eset

