Thursday, 21 July 2011
MBRLocker Builder v0.1 / MBRLocker Builder v0.2
Yesterday Vazonez released a new winlock generator
This hack tools build MBR lockers, it write the MBR, and request unlock code.
MBR code is based on an existing ransomware (Trojan.MBRlock.6).
You can configure the message text, password, unlock code, color and icon.
Here, a sample made by MBRLocker Builder v0.1 in action:
It's simple as usual for find the unlock code.
Edit 25 Jul 2k11: MBRLocker Builder v0.2 released
What's new ? fixed sector bug, Serial is now xored with a random key
IDA Schem of the serial check:
More 10 sec to unxor the serial maybe.
I've made a VB6 code for retrieve serials of MBRLocker v0.2
How to debug MBR Ransomware (14 Jul 2k11)
Trojan.MBRlock (xxxvideo.avi.exe) (9 Jul 2k11)
Trojan.MBRlock (xxxvideo.avi.exe) (4 Jul 2k11)
Trojan.MBRlock (output.exe) (25 Apr 2k11)
Already noticed on the past: here (25 Apr 2k11) ~ here (4 Jul 2k11) ~ here (9 Jul 2k11)