Rokku is yet another ransomware, discovered in recent weeks. Currently, its most common distribution method is spam, where a malicious executable is dropped by a VB script belonging to the e-mail’s attachment. The building blocks of Rokku reminded us of the Chimera ransomware. That’s why we decided to take a closer look, not only at the internal structure of this malware but also at the similarities and differences between these two products.

…and the volume serial number of the disk where Windows is installed (using GetVolumeInformation). Both parts are concatenated together ( ) and hashed using a local implementation of SHA512 (this implementation comes from OpenSSL)…