|
Message-ID: <91D0B62A2328924087649659387009F5861C8E88@EUMAILDAG2.eu.kaspersky.com> Date: Thu, 14 Feb 2013 14:12:52 +0000 From: Nicolas Brulez <nicolas.Brulez@...persky.com> To: "john-users@...ts.openwall.com" <john-users@...ts.openwall.com> Subject: RE: RAR Cracking with JtR Jumbo (Files found during forensics) Hello! This is not a ransomware related case. The malware were using those files to keep backup and updates safe. I have no clue about the password format. I wish it was a ransomware, i wouldn't have to bother you guys, i would just reverse the samples :) I guess the password is totally random.. no clue :( I was just contacted for new victims, So i will get Images of both HD and memory. Maybe i will get more luck this time. Thank you so much for running it. At least i know it is not as easy.. Nico -- Best regards, Nicolas Brulez | Malware Expert - Global Research and Analysis Team | Kaspersky Lab -----Message d'origine----- De : Rich Rumble [mailto:richrumble@...il.com] Envoyé : jeudi 14 février 2013 14:31 À : john-users@...ts.openwall.com Objet : Re: [john-users] RAR Cracking with JtR Jumbo (Files found during forensics) On Wed, Feb 13, 2013 at 12:52 PM, Nicolas Brulez < nicolas.Brulez@...persky.com> wrote: > I will let it run when i am AFK, i can't run it when i am working, it's > now "blasting". > The c/s is slowly getting lower though. I will look at it after dinner > I split rockyou into 4 pieces and let 4 machines go through it with no additional rules, didn't get the pass. Being in the malware biz yourself, are we likely to find it as anything other than some random string, or would it possibly be something found in a dictionary? Have people paid ransomware perps and got the actual password from them, and if so I wonder what it was like? Or do I have my facts wrong and this is a "lost" password situation? -rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.