DMA Locker 1-2-3
Tags
country: Poland
attack-pattern: Software - T1592.002
Common Information
Type Value
UUID 5550fa2d-c25e-4c40-bf61-cb199c7142a7
Fingerprint 363742ef130db2b1
Analysis status DONE
Considered CTI value 0
Text language
Published Feb. 2, 2016, 11:30 a.m.
Added to db Jan. 18, 2023, 7:50 p.m.
Last updated Oct. 16, 2024, 2:41 a.m.
Headline Encrypting Ransomware The Digest "Crypto-Ransomware"
Title DMA Locker 1-2-3
Detected Hints/Tags/Attributes 24/2/29
Attributes
Type #Events CTI Value
Domain 2 www.coinfloor.co.uk
Domain 42 www.coinbase.com
Domain 10 www.bitstamp.net
Domain 68 gmx.com
Domain 1 interia.pl
Email 1 january0060@gmx.com
Email 1 styczen0020@interia.pl
File 3 cryptinfo.txt
File 1 c:\programdata\cryptinfo.txt
File 2 ntserver.exe
File 2 fakturax.exe
File 1 date_1.txt
File 2 decrypting.txt
File 4 start.txt
File 1 c:\programdata\ntserver.exe
File 1 c:\programdata\fakturax.exe
File 1 c:\programdata\date_1.txt
File 2 c:\programdata\decrypting.txt
File 2 c:\programdata\start.txt
File 2 c:\documents and settings\all users\decrypting.txt
File 2 c:\documents and settings\all users\start.txt
File 1 interia.pl
IPv6 1 41:55:16:13:51:76:67:99
IPv6 1 41:42:43:58:59:5a:31:31
Url 2 https://www.coinfloor.co.uk
Url 21 https://www.coinbase.com
Url 8 https://www.bitstamp.net
Windows Registry Key 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cryptedinfo
Windows Registry Key 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Run\cssys