Malware News New C# Ransomware Compiles itself at Runtime

LASER_oneXM

Feb 4, 2016
A new in-development ransomware was discovered that has an interesting characteristic. Instead of the distributed executable performing the ransomware functionality, the executable compiles an embedded encrypted C# program at runtime and launches it directly into memory.

Discovered by MalwareHunterTeam, this ransomware contains an encrypted string that is embedded into the dropper as shown below.
This method is probably being used to prevent the dropper from being detected by security software as any malicious behavior is hidden inside the encrypted string.

As for the ransomware itself, other than it saving the decryption key and IV to a file on the desktop, it is fully functional. Therefore, it wouldn't be surprising to see the ransomware being distributed at some point.

When executed, it will encrypt the files on the victim's computer and rename the files using the template sequre@tuta.io_[hex]. For example, a file called 11.jpg would be encrypted and renamed to sequre@tuta.io_31312E6A7067.
While this ransomware is still in development, it does use an interesting feature that we have not seen in ransomware before. This goes to show how attackers continue to try and think up new ways to bypass security programs that protect your computer.
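
For incident triage, the rename template described above can be reversed to list which files on a host were affected and what they were originally called (names only, not contents). This is an added example, not part of the original post or the article it quotes; the function names and sample paths are constructed, and UTF-8 as the name encoding is an assumption, since the post only shows an ASCII file name.

```python
import re
from pathlib import PureWindowsPath

# Rename template from the post: sequre@tuta.io_[hex]
PREFIX = "sequre@tuta.io_"
# Whole hex byte pairs only; an odd-length or non-hex suffix is not a match.
_RENAMED = re.compile(r"^" + re.escape(PREFIX) + r"((?:[0-9A-Fa-f]{2})+)$")


def original_name(path):
    """Return the pre-encryption file name, or None if the path's
    final component does not follow the rename template."""
    match = _RENAMED.match(PureWindowsPath(path).name)
    if match is None:
        return None
    raw = bytes.fromhex(match.group(1))
    try:
        return raw.decode("utf-8")  # assumption: names are UTF-8 bytes
    except UnicodeDecodeError:
        # Fall back to a lossless single-byte view so no byte is dropped.
        return raw.decode("latin-1")


def triage(paths):
    """Map each affected path in a file listing to its original name."""
    hits = {}
    for path in paths:
        name = original_name(path)
        if name is not None:
            hits[path] = name
    return hits


# Constructed sample listing (not taken from a real host).
SAMPLE_PATHS = [
    r"C:\Users\victim\Pictures\sequre@tuta.io_31312E6A7067",
    r"C:\Users\victim\Documents\sequre@tuta.io_7265706F72742E646F6378",
    r"C:\Users\victim\Documents\notes.txt",
    r"C:\Users\victim\Desktop\sequre@tuta.io_313",  # odd-length hex
]

if __name__ == "__main__":
    for affected, name in triage(SAMPLE_PATHS).items():
        print(f"{affected} -> {name}")
```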
 
