HorseDeal Ransomware Sample Download

Posted Under: Download Free Malware Samples, Malware, Ransomware, Windows on Feb 10, 2020
HorseDeal ransomware exploits the newly discovered vulnerability in the Microsoft Windows CryptoAPI (Crypt32.dll) verification procedure for Elliptic Curve Cryptography (ECC) certificates. This vulnerability is also known as Curveball or the Chain of Fools vulnerability. The sample uses the filename of a genuine AV vendor's process. Given the explicit trust associated with signing certificates, the ransomware also exploited CVE-2020-0601 to spoof a signing certificate claiming to be issued by "Microsoft ECC TS Root Certificate Authority 2018". Once executed, it checks the user's language: if it is Kazakh, Belarusian, Kyrgyz, Tatar, Azerbaijani, Armenian, or Tajik, it removes itself from the machine; if not, it encrypts user data.
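A defender-side triage check for the certificate spoofing described above, as an added example that is not part of the original page. It relies on the publicly documented trait that certificates spoofed via CVE-2020-0601 define their curve with explicit parameters instead of a named-curve OID. The function names and the sample bytes are constructed for illustration.

```python
ID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")  # OID 1.2.840.10045.2.1
KINDS = {0x06: "named-curve", 0x30: "explicit-parameters", 0x05: "implicit-curve"}

def read_tlv(buf, off):
    """Parse one DER element; return (tag, value_start, value_end)."""
    if off + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length, pos = buf[off], buf[off + 1], off + 2
    if length & 0x80:  # long-form length: low bits give the byte count
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER length runs past end of input")
    return tag, pos, pos + length

def ec_param_kinds(der):
    """Return the parameter kind of every id-ecPublicKey AlgorithmIdentifier."""
    findings = []
    def walk(start, end):
        off, children = start, []
        while off < end:
            tag, vs, ve = read_tlv(der, off)
            if ve > end:
                raise ValueError("child element overruns its parent")
            children.append((tag, der[off:ve]))
            if tag & 0x20:  # constructed type (SEQUENCE, SET, [n]): descend
                walk(vs, ve)
            off = ve
        if len(children) >= 2 and children[0][1] == ID_EC_PUBLIC_KEY:
            findings.append(KINDS.get(children[1][0], "unknown"))
    walk(0, len(der))
    return findings

def tlv(tag, value):
    """Minimal DER encoder (short lengths only) for the constructed samples."""
    assert len(value) < 0x80
    return bytes([tag, len(value)]) + value

# Constructed samples with toy values (not real keys, not a real curve).
POINT = tlv(0x03, b"\x00\x04" + b"\x11" * 64)  # BIT STRING placeholder
P256 = bytes.fromhex("06082a8648ce3d030107")  # named-curve OID prime256v1
TOY_PARAMS = tlv(0x30, tlv(0x02, b"\x01") + tlv(0x30,
    bytes.fromhex("06072a8648ce3d0101") + tlv(0x02, b"\x17")))
NAMED_SPKI = tlv(0x30, tlv(0x30, ID_EC_PUBLIC_KEY + P256) + POINT)
EXPLICIT_SPKI = tlv(0x30, tlv(0x30, ID_EC_PUBLIC_KEY + TOY_PARAMS) + POINT)
```

An `explicit-parameters` result is a signal for closer review of the signer chain rather than proof of spoofing; pass the function the DER bytes of a full certificate or of its SubjectPublicKeyInfo.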

HorseDeal Ransomware Signatures

Family: Exploit:Win32/CVE-2020-0601.D
MD5: 716c502ba250f742fc935b3cb223ca4a
SHA256: d6ab910259c9bc68196aeec3e9ff4864bada22738c02ecf5ada7912ced292d28

HorseDeal Ransomware Download

Download HorseDeal Ransomware Sample