Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

What is the key


  • Please log in to reply
2 replies to this topic

#1 Mark_Joe

Mark_Joe

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 03 December 2017 - 06:27 PM

Hello guys,
I have interests about analyzing ransomwares and get the key,

but yesterday I couldn't get the key from this ransomware, who has an idea?

I use dnspy with analysis

for download

https://mega.nz/#!oMRwFZba!n-Ko4gayvr2aVRvcAEhb3lpOCR_IsQn7fWAG4aeBuT0

With kind regards



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,472 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:28 AM

Posted 04 December 2017 - 01:39 AM

Were your files encrypted by this? Looks like it uses the extension ".mrcyber".

 

It uses a random string generator for the password, it isn't just static or anything. It may be decryptable, but will have to be bruteforced using an encrypted file and it's original. Also, it technically generates a new password per file, so there's a bit more work to be done even if you get the password for one file.

 

Also, the encryption routine itself really reminds me of JobCrypter.

 

*Edit: Upon further inspection, it may actually be nearly impossible to decrypt too many files. Not only is the password generator called for every file (which is never saved anywhere), it also just appends a global variable each time... so with each new file to encrypt, the password just gets longer as passwords are appended to each other into infinity...


Edited by Demonslay335, 04 December 2017 - 01:52 AM.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Mark_Joe

Mark_Joe
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:07:28 AM

Posted 04 December 2017 - 02:24 AM

Acctully no my friend gave me the ransomware from 1 year, and yesterday I found it again and tried to analyse it




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users