AstraLocker 2.0 Ransomware

AstraLocker 2.0 is closely related to Babuk ransomware. It encrypts user data and asks for $50 USD in Monero (XMR). It is distributed via phishing campaigns as Microsoft Office Word document attachments. The malware is hidden inside the Word document as an OLE object, and the victim needs to click it to execute it: the payload runs only if the user double-clicks the icon in the document and consents to running an embedded executable named "WordDocumentDOC.exe". This high degree of user interaction increases the chances that victims will think twice before executing it. It also shows the low skill level of the attacker.

AstraLocker 2.0 Signatures

Family: Backdoor:Win32/Bladabindi!ml
MD5: 9910f4d9dbb05b2d4e4f3919aebdd05a
SHA256: 71ba916a7f35fe661cb6affc183f1ce83ee068dbc9a123663f93acf7b5a4263e
