p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 12.0px Helvetica} span.s1 {font: 12.0px ‘PingFang SC’} span.s2 {font: 12.0px ‘Arial Unicode MS’} span.s3 {font: 12.0px ‘Malayalam Sangam MN’}
Goal: Obtain latest Spora ransomware configration for malware analysis:
Config Source: Github
The Spora semi-config is as follows:
p.p1 {margin: 0.0px 0.0px 0.0px 0.0px; font: 11.0px Georgia; -webkit-text-stroke: #000000} span.s1 {font-kerning: none}
email…msg…avi…mp4…wmv…cue…nrg…bin…mds…mdf…iso…sdf…tmd…sdb…ldf…frm…dbs…db3…sql2..sql1..sql…lic…key…cer…pfx…vob…vmxf..vmx…vmsd..vmdk..vhdx..vhd…vdi…vbox..dwf…dxf…cfg…cab…tar…arj…ace…accdb…mdb…pdb…backupdb..wbcat…ful…wbk…010…009…008…007…006…005…004…003…002…bak4..bak3..bak2..bak1..bak…tib…xlam..docxml..backup..7z..rar…zip…bmp…tiff..jpeg..jpg…gsf…geo…efd…cdn…elf…lgp…lgf…log…epf…cfu…cf..dt..sqlite..dbf…1cd…cd..cdr…dwg…psd…ppsm..ppsx..potm..potx..pptm..pptx..bpdx..pdf…rtf…odt…xltm..xltx..xlsb..xlsm..xlsx..xls…docm..docx..doc…dot..games.program files (x86).program files.windows…\*.*..%s%02X%01X-%01X%01X..\%s.%s\%s[.]html..\%s[.]html..}..lnk../c start explorer[.]exe “%s” & type “%s” >”%%temp%%\%s” && “%%temp%%\%s”.cmd[.]exe.shell32[.]dll.%08x%04x%04x[.]exe..%s\%u.:Zone.Identifier..\.runas./c “%s” /u….process call create “ md[.]exe /c vssadmin[.]exe delete shadows /quiet /all”..wmic[.]exe..IsShortcut..SOFTWARE\Classes\lnkfile..\%u.m%u./
Reverse Engineering, Malware Deep Insight 