Trusted Design

CryptoApp ransomware: changes & active campaign

概要

Ransomware sure has had an uptick the past years; more and more variants appear while some have been leading the pack for the past years. This article is on a new ‘strain’, it dates to March this year from what I can tell. I haven’t seen any write-up or info about it yet (nor had any major incidents at $dayjob or heard of it from any other analysts). From what I can tell its still under development, this article will tell the story of this ransomware. Not even a day ago I blogged on a piece of ransomware named ‘CryptoApp’ which I discovered while it was still in its development & testing phase: [Analysis of a piece of ransomware in development: the story of ‘CryptoApp’]. After publication I was contacted by another analyst who was able to link the information from my blog to other samples from an actual campaign. He matched both PDB paths as wel as behaviour to these samples, this blog describes the changed made to CryptoApp as well as the active campaign.

Created: 2026-02-23

Indicators

• URL - http://weddingclip.ru/media/csrsss.exe -
• URL - http://stonewallphoenix.com/media/csrsss.exe -
• domain - cryptorepairsystems.com -
• URL - http://petersauto.pl/media/csrsss.exe -
• FileHash-MD5 - f6884ad8c02372c660849e1ccea8dc19 -
• FileHash-MD5 - 701656806aa86eedb9891d9d70507e0a -
• FileHash-SHA1 - b379f16960b33740ac02d6fd58a1813c552620ce -
• URL - http://www.polistav.sk/media/csrsss.exe -
• URL - http://61.219.82.98/tmp/csrsss.exe -
• FileHash-MD5 - 677ec7f735be831256762920e1876443 -

類似Pulses

• Analysis of a piece of ransomware in development (CryptoApp) (score: 0.90)
• Ransomware - CryptFile2 (score: 0.74)
• MarsJoke Ransomware Mimics CTB-Locker (score: 0.73)
• CryptoDefense Ransomeware (score: 0.72)
• Cryptowall Spam: My Resume Protects All Your Files (score: 0.72)

このPulseに関連する脅威アクター (事実ベース)

このPulseに関連する脅威アクター (推論ベース)

Related CVEs

このPulseに見つかったCVEはありません。

Pulse – 脅威アクター グラフ

---

← Pulse一覧に戻る