The Kangaroo Ransomware not only Encrypts your Data but tries to Lock you out of Windows
Tags
attack-pattern: Data Control Panel - T1218.002 Email Addresses - T1589.002 Malware - T1587.001 Malware - T1588.001 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID da0352ed-f7da-4d3d-9522-8e1fcd6299ce
Fingerprint 1666605b2f07865c
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 28, 2016, midnight
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline The Kangaroo Ransomware not only Encrypts your Data but tries to Lock you out of Windows
Title The Kangaroo Ransomware not only Encrypts your Data but tries to Lock you out of Windows
Detected Hints/Tags/Attributes 40/1/10
Source URLs
Redirection Url
Details Source https://www.bleepingcomputer.com/news/security/the-kangaroo-ransomware-not-only-encrypts-your-data-but-tries-to-lock-you-out-of-windows/
URL Provider
Details Provider Source level domain
Details bleepingcomputer.com www.bleepingcomputer.com
Attributes
Details Type #Events CTI Value
Details Domain 246 
mail.ru
Details Email 1 
kangarooencryption@mail.ru
Details File 1 
instructions_data_recovery.txt
Details File 74 
test.jpg
Details File 19 
msconfig.exe
Details File 1260 
explorer.exe
Details sha256 1 
5969a76a353828e75ed9c33230a71ee4e6df3c320626901f6da7f2eb16f9b219
Details Windows Registry Key 104 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
Details Windows Registry Key 582 
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Details Windows Registry Key 38 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run