Equipment receipts malspam delivers Locky — 8 Comments

  1. c4i03t isn’t of the same ilk as the previous one I managed to decrypt. There are no repeating patterns, meaning they aren’t using the simple 32-character XOR decrypt. Could you share the attachment zip file if you have it? (standard password)
    We haven’t received any of these yet.


  2. Also, from all the code I’ve analysed so far, there is a big chunk of base64 code in the middle of the script that decodes to what looks like an encryption function. The only problem is, it does a simple XOR with an array. So much for the ‘Your files have been AES256 encrypted’ bullshit.
    I’ll pastebin and link when I get back to work.
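The base64-then-XOR layer the comment above describes, and the "repeating patterns" test from the earlier comment, as an added example that is not the commenter's script, the pastebin, or any Locky code. Everything in it is constructed for the demo: the 32-byte key, the WSH-style downloader plaintext, and the offsets at which the repeated `new ActiveXObject(` token lands are all assumptions, and no real sample is reproduced. Under a repeating key, two identical runs of ciphertext can only come from identical plaintext at a distance that is a multiple of the key length, so the gcd of those distances recovers the key length; a script that shows no such repeats (as the first comment observed) is not using this scheme. Once the length is known, a guessed known prefix gives the key directly.

```python
"""Repeating-key XOR deobfuscation for a JS downloader stub.
Added example with constructed sample data; not the page's or the malware's code."""
import base64
from functools import reduce
from itertools import cycle
from math import gcd

# Constructed 32-byte key with distinct bytes (assumption: a 32-character XOR key
# as described in the comments, not the key of any real sample).
KEY = bytes(range(0x30, 0x50))  # b'0123456789:;<=>?@ABCDEFGHIJKLMNO'


def _pad(stmt: bytes, length: int) -> bytes:
    """Right-pad a statement with spaces so the demo's tokens land at known offsets."""
    assert len(stmt) <= length
    return stmt + b" " * (length - len(stmt))


# Constructed plaintext mimicking a WSH downloader. The token 'new ActiveXObject("'
# sits at offsets 11, 75 and 171 (distances 64 and 96, both multiples of 32).
PLAINTEXT = (
    _pad(b'var http = new ActiveXObject("MSXML2.XMLHTTP");', 64)
    + _pad(b'var strm = new ActiveXObject("ADODB.Stream");', 96)
    + b'var shel = new ActiveXObject("WScript.Shell");'
)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """XOR every byte of data with the key repeated as needed (encode == decode)."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def encode_blob(plaintext: bytes, key: bytes) -> str:
    """Build the kind of base64 chunk the script carries: XOR, then base64."""
    return base64.b64encode(xor_with_key(plaintext, key)).decode()


def decode_blob(b64_blob: str, key: bytes) -> bytes:
    """Undo it: base64-decode the chunk, then strip the XOR layer."""
    return xor_with_key(base64.b64decode(b64_blob), key)


def repeat_distances(data: bytes, n: int = 8) -> set:
    """Distances between identical n-byte runs anywhere in data."""
    seen = {}
    dists = set()
    for i in range(len(data) - n + 1):
        gram = data[i:i + n]
        for j in seen.get(gram, ()):
            dists.add(i - j)
        seen.setdefault(gram, []).append(i)
    return dists


def key_length_hint(data: bytes, n: int = 8):
    """gcd of repeat distances = key length (or a multiple of it) under repeating-key
    XOR. Returns None when nothing repeats, i.e. no evidence of this scheme."""
    dists = repeat_distances(data, n)
    return reduce(gcd, dists) if dists else None


def recover_key(ciphertext: bytes, known_prefix: bytes, key_len: int) -> bytes:
    """Known-plaintext attack: with the first key_len plaintext bytes known,
    key = ciphertext ^ plaintext byte for byte."""
    assert len(known_prefix) >= key_len
    return bytes(c ^ p for c, p in zip(ciphertext[:key_len], known_prefix[:key_len]))


if __name__ == "__main__":
    blob = encode_blob(PLAINTEXT, KEY)           # what an analyst would cut from the script
    ct = base64.b64decode(blob)
    print("key length hint:", key_length_hint(ct))
    # Guess a prefix any WSH downloader is likely to start with (assumption for the demo).
    k = recover_key(ct, b'var http = new ActiveXObject("MSXML2', 32)
    print("recovered key:", k)
    print(decode_blob(blob, k).decode())
```

The 8-byte window is deliberate: single-byte coincidences between different key positions are common, but an eight-byte run of them is not, so spurious distances that would drag the gcd below the true key length are avoided. Against a script where `key_length_hint` returns None, move on to reading the decoder function itself rather than brute-forcing a key length.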

  3. Still not received any of these. Hopefully they know who we are and are avoiding us 🙂
    It’s been quiet here except for the occasional delivery failure/report rubbish.
    Keep them coming, maltards!

