HackDig : Dig high-quality web security articles for hacker

CryptoFortress : Teerac.A (aka TorrentLocker) got a new identity

2015-03-05 01:10

Blitz post.
I was hunting for Gootkit (pushed in a Nuclear Pack instance in France these days) but instead I got a Teerac.A.

Nuclear Pack pushing Teerac.A via CVE-2013-2551 - FR - 2015-03-04
(I have no sure explanation for the 444 error on the "undefined" and CVE-2015-0311 call in that pass.)

As far as I know, Teerac.A (Microsoft's name), aka Torrent Locker, was using a "CryptoLocker" identity:

Clicking on the "Buy Decryption software" :

The sample I got today is showing its own identity: CryptoFortress

Clicking on the "Buy decryption software"

Samples : An old Torrent Locker and a fresh CryptoFortress
26f13c4ad8c1ccf81e80a556cf6db0af - 2014-10-25
e6dda3e06fd32fc3670d13098f3e22c9 - 2015-03-04

Read more :
(PDF) TorrentLocker - Ransomware in a country near you - 2014-12 - Marc-Etienne M.Léveillé - Eset

Source: 6097736873719192715-tsop.6133588357016268618-golb:9991,moc.reggolb:gat
