Got this from Susan Bradley on the secshare list. Possible new Cryptolocker not seen by the AV vendors.
https://malwr.com/analysis/YjFhYWQyZTc5MDE5NGM4Y2I4ODZiYzNkYTZiYTNlMzM/

Signatures (from the malwr report):

- Starts servers listening on 0.0.0.0:0, 0.0.0.0:8601, 0.0.0.0:7185
- File has been identified by at least one AntiVirus on VirusTotal as malicious
- Performs some HTTP requests
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Operates on local firewall's policies and settings
- Steals private information from local Internet browsers
- Installs itself for autorun at Windows startup

I would look at the network communications outbound and see if this matches any
traffic patterns you see on your network.

Z

Edward E. Ziots, CISSP, CISA, CRISC, Security +, Network +
Security Engineer
Lifespan Organization
[email protected]
Work: 401-255-2497
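As an added example (not part of Ed's message, Susan Bradley's post, or the malwr report), the script below turns the two observations a defender can actually act on into offline checks: the sandbox saw the sample bind listeners on 8601 and 7185, so (a) scan `netstat -ano` output from a Windows host for anything LISTENING on those ports, and (b) scan Zeek conn.log lines for any host on the network that accepted a connection on them. It assumes those two ports are stable across runs of the sample (the report does not establish that) and that your conn.log uses Zeek's default field order. The 0.0.0.0:0 bind is an unspecified port and is deliberately not hunted, and the report gives no destinations for the HTTP requests, so there is nothing outbound to key on here. The netstat and Zeek lines embedded in the script are constructed samples, not real captures.

```python
"""Triage helpers for the malwr observations above (added example, not from the list post).

Two checks that run offline against data a defender already collects:
  * `netstat -ano` output from a Windows host: is anything LISTENING on 8601 or 7185?
  * Zeek conn.log lines: has any host on the network accepted a connection on those ports?

Assumptions (not stated in the original report): the listening ports are stable across
runs of the sample, and conn.log uses Zeek's default field order.
0.0.0.0:0 from the report is an unspecified bind, so it is deliberately not hunted.
"""
from dataclasses import dataclass
from typing import Iterable, List

# Ports taken from the malwr "network_bind" signature in the report.
SUSPECT_PORTS = {8601, 7185}


@dataclass(frozen=True)
class Hit:
    source: str   # which data set produced the hit ("netstat" or "zeek")
    port: int     # the suspect port that matched
    detail: str   # human-readable context (PID, peer address, Zeek uid, ...)


def _port_of(addr: str) -> int:
    """Return the port from '0.0.0.0:8601' or '[::]:8601' (the IPv6 form netstat prints)."""
    return int(addr.rsplit(":", 1)[1])


def scan_netstat(lines: Iterable[str]) -> List[Hit]:
    """Flag LISTENING TCP sockets on suspect ports in `netstat -ano` output."""
    hits = []
    for raw in lines:
        parts = raw.split()
        # TCP rows: Proto, Local, Foreign, State, PID. UDP rows carry no State column,
        # and the header row has more than five tokens, so both are skipped here.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        local, state, pid = parts[1], parts[3], parts[4]
        port = _port_of(local)
        if state == "LISTENING" and port in SUSPECT_PORTS:
            hits.append(Hit("netstat", port, f"{local} LISTENING, PID {pid}"))
    return hits


def scan_zeek_conn(lines: Iterable[str]) -> List[Hit]:
    """Flag connections whose responder port is a suspect port in Zeek conn.log (TSV).

    Default field order: ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto ...
    A match means some host accepted a connection on a port the sample listens on;
    both TCP and UDP are reported because the report does not say which the bind was.
    """
    hits = []
    for raw in lines:
        if raw.startswith("#") or not raw.strip():
            continue  # Zeek header/comment lines
        f = raw.rstrip("\n").split("\t")
        if len(f) < 7:
            continue
        resp_port = int(f[5])
        if resp_port in SUSPECT_PORTS:
            hits.append(Hit("zeek", resp_port,
                            f"{f[2]}:{f[3]} -> {f[4]}:{f[5]} {f[6]} uid={f[1]}"))
    return hits


# --- Constructed sample data (not real captures) -------------------------------------
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       752
  TCP    0.0.0.0:8601           0.0.0.0:0              LISTENING       3112
  TCP    10.0.0.5:49301         93.184.216.34:80       ESTABLISHED     3112
  UDP    0.0.0.0:500            *:*                                    996
""".strip("\n").splitlines()

SAMPLE_ZEEK = """
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice
1380000000.1\tCabc1\t10.0.0.7\t51000\t10.0.0.5\t7185\ttcp\t-
1380000000.2\tCabc2\t10.0.0.5\t49301\t93.184.216.34\t80\ttcp\thttp
1380000000.3\tCabc3\t10.0.0.7\t51001\t10.0.0.5\t7185\tudp\t-
""".strip("\n").splitlines()


def triage() -> List[Hit]:
    """Run both scans over the constructed samples and return every hit."""
    return scan_netstat(SAMPLE_NETSTAT) + scan_zeek_conn(SAMPLE_ZEEK)


if __name__ == "__main__":
    for h in triage():
        print(f"[{h.source}] port {h.port}: {h.detail}")
```

To use it on real data, feed `scan_netstat` the lines of `netstat -ano` collected from a host and `scan_zeek_conn` the lines of a conn.log. A listener hit by itself is a lead, not a verdict: confirm it by resolving the reported PID to its image path and checking the Run keys and firewall rules the report says the sample touches.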

