
Magaskosh Ransomware (.magaskosh) Support Topic


28 replies to this topic

#16 m0rpheus90

m0rpheus90
  • Topic Starter


Posted 07 September 2023 - 03:55 AM

I don't have the original files anymore, but I sent the encrypted ones.

Attached Files




 


#17 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 07 September 2023 - 07:57 AM

At the beginning of each encrypted file there is a marker: rymozvpgflsstrhd
This will help to better identify the samples.

But that's all; the original encoder file is needed so that specialists can determine the relationship and investigate the encryption.

We need Demonslay335 to look at it with their tools.

Edited by Amigo-A, 07 September 2023 - 07:59 AM.

My site: The Digest "Crypto-Ransomware"  + Google Translate 
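The marker reported in the post above can be used to inventory affected files on a disk image or share. This is an added example, not code from the thread or from any tool mentioned in it; it assumes the marker is stored as ASCII bytes at offset 0 and that encrypted files carry the `.magaskosh` extension from the topic title, and the sample files it builds are constructed.

```python
import os
import tempfile

MARKER = b"rymozvpgflsstrhd"   # marker quoted in the thread, assumed ASCII at offset 0
EXTENSION = ".magaskosh"        # extension from the topic title (assumed to be appended)


def has_marker(path):
    """Return True if the file starts with MARKER, False if not, None if unreadable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MARKER)) == MARKER
    except OSError:
        return None


def triage(root):
    """Walk root and bucket files by marker presence and extension."""
    report = {"marked": [], "marker_only": [], "extension_only": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            marked = has_marker(path)
            renamed = name.lower().endswith(EXTENSION)
            if marked is None:
                report["unreadable"].append(path)
            elif marked and renamed:
                report["marked"].append(path)
            elif marked:
                report["marker_only"].append(path)     # encrypted but not renamed
            elif renamed:
                report["extension_only"].append(path)  # renamed but header differs
    return report


def demo():
    """Build a constructed sample tree (no real samples) and triage it."""
    samples = {
        "report.docx.magaskosh": MARKER + b"\x00" * 32,
        "photo.jpg": MARKER + b"\x11" * 8,
        "notes.txt.magaskosh": b"plain text",
        "clean.txt": b"hello",
        "tiny.bin": b"rymoz",  # shorter than the marker, must not match
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        result = triage(root)
        return {k: sorted(os.path.basename(p) for p in v) for k, v in result.items()}
```

Files in the `marker_only` and `extension_only` buckets are the ones worth a manual look, since they disagree with the pattern described in the thread.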

 


#18 m0rpheus90

m0rpheus90
  • Topic Starter


Posted 07 September 2023 - 08:58 AM

I was able to find some original files and the encrypted ones.

Attached Files



#19 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 07 September 2023 - 11:24 AM

m0rpheus90

 

Your files also have:

At the beginning of each encrypted file there is a marker: rymozvpgflsstrhd

 



 


#20 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator

Posted 07 September 2023 - 03:28 PM

m0rpheus90 (upload) samples of encrypted files, ransom notes and any contact email addresses to ID Ransomware (IDR) so we get this in the system for Demonslay335.


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020
Microsoft MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief


#21 m0rpheus90

m0rpheus90
  • Topic Starter


Posted 07 September 2023 - 07:50 PM

I uploaded, but it says this:

 

 

Unable to determine ransomware.

Please make sure you are uploading a ransom note and encrypted sample file from the same infection.

This can happen if this is a new ransomware, or one that cannot be currently identified automatically.

You may post a new topic in the Ransomware Tech Support and Help forums on BleepingComputer for further assistance and analysis.

Please reference this case SHA1: b80313b5e840eab8f783c22fd8b1c7d6d56ac6ba



#22 quietman7

quietman7

    Bleepin' Gumshoe


  • Global Moderator

Posted 07 September 2023 - 07:56 PM

That's a standard reply for new ransomware or one not currently identified. The point of the submission for now was to get samples into the system so Demonslay335 can manually inspect the files and compare with further submissions.




#23 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 10 September 2023 - 12:33 PM

I sent the files 'original and encrypted files.zip' to the antivirus company DrWeb for analysis. I also want to find out more precisely why they consider the file harmless, although the files are encrypted. I'll let you know their answer.


Edited by Amigo-A, 10 September 2023 - 12:33 PM.


 


#24 m0rpheus90

m0rpheus90
  • Topic Starter


Posted 11 September 2023 - 06:51 AM

thank you

#25 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 11 September 2023 - 07:40 AM

m0rpheus90

 

Do you have access to the infected PC?

Several manipulations need to be done.



 


#26 m0rpheus90

m0rpheus90
  • Topic Starter


Posted 11 September 2023 - 07:54 AM

yes



#27 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 11 September 2023 - 08:42 AM

OK. Wait a while. 



 


#28 Amigo-A

Amigo-A

    Security specialist and Ransomware expert



Posted 11 September 2023 - 10:03 AM

Instructions sent to PM



 


#29 Takahata

Takahata


Posted 11 September 2023 - 01:20 PM

This can be a big problem, because Magaskosh is a new ransomware. I don't want to imagine if this can create multiple attacks and infect many PCs with Windows 7 or other Windows versions.



