{
	"id": "8ce7acfb-c233-4430-af57-61fb912daf3a",
	"created_at": "2026-04-06T01:31:12.105345Z",
	"updated_at": "2026-04-10T03:20:28.398093Z",
	"deleted_at": null,
	"sha1_hash": "066c3ccfc60794dfbb006d90339e436bc5be0783",
	"title": "New Azer CryptoMix Ransomware Variant Released",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 740724,
	"plain_text": "New Azer CryptoMix Ransomware Variant Released\r\nBy Lawrence Abrams\r\nPublished: 2017-07-05 · Archived: 2026-04-06 00:09:25 UTC\r\nToday has been busy with ransomware and we have some good news coming later today. For this story, though, we are\r\ngoing to take a look at the Azer variant of the Cryptomix ransomware. This version of Cryptomix was discovered today by\r\nsecurity researcher MalwareHunterTeam right as a decryptor for the previous version, Mole02, was released.\r\nWhile this ransomware encrypts files in a similar manner to all others in this family, I did notice some changes in this\r\nversion that will be outlined below.\r\nAs we are always looking for weaknesses, if you are a victim of this variant and decide to pay the ransom, please send us the\r\ndecryptor so we can take a look at it. You can also discuss or receive support for Cryptomix ransomware infections in our\r\ndedicated Cryptomix Help \u0026 Support Topic.\r\nChanges in the Azer Cryptomix Ransomware Variant\r\nWhile overall the encryption methods stay the same in this variant, there have been some differences. First and foremost, we\r\nhave a new ransom note with a file name of _INTERESTING_INFORMACION_FOR_DECRYPT.TXT. This ransom\r\nnote contains instructions to contact either webmafia@asia.com or donald@trampo.info for payment information.\r\nAzer Ransom Note\r\nThe next noticeable change is the extension appended to encrypted files. 
With this version, when a file is encrypted by the\r\nransomware, it will modify the filename and then append the string -email-[email_address].AZER to the encrypted file.\r\nFor example, a test file encrypted by this variant has an encrypted file name\r\nof 32A1CD301F2322B032AA8C8625EC0768-email-[webmafia@asia.com].AZER. \r\nFolder of Encrypted Azer Files\r\nLast, but not least, this version performs no network communication and is completely offline. It also embeds ten different\r\nRSA-1024 public encryption keys, which are listed below. One of these keys will be selected to encrypt the AES key used to\r\nencrypt a victim's files. This is quite different compared to the Mole02 variant, which only included one public RSA-1024\r\nkey.\r\nAs this is just a cursory analysis of this new variant, if anything else is discovered, we will be sure to update this article.\r\n \r\nIOCs\r\nFile Hashes:\r\nSHA256: 6f5f3bd509c22f0aec4a55fd4d08b7527be4708145b760bc3bd955c6e7538064\r\nFilenames associated with the Azer Cryptomix Variant:\r\n_INTERESTING_INFORMACION_FOR_DECRYPT.TXT\r\n%AppData%\\[random].exe\r\nAzer Ransom Note Text:\r\n All you files encrypted\r\n For decrypt write to email:\r\n webmafia@asia.com\r\n donald@trampo.info\r\n You ID - XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX\r\nEmails Associated with the Azer Ransomware:\r\nwebmafia@asia.com\r\ndonald@trampo.info\r\nBundled Public RSA-1024 Keys:\r\nSource: https://www.bleepingcomputer.com/news/security/new-azer-cryptomix-ransomware-variant-released/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/new-azer-cryptomix-ransomware-variant-released/"
	],
	"report_names": [
		"new-azer-cryptomix-ransomware-variant-released"
	],
	"threat_actors": [],
	"ts_created_at": 1775439072,
	"ts_updated_at": 1775791228,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/066c3ccfc60794dfbb006d90339e436bc5be0783.pdf",
		"text": "https://archive.orkl.eu/066c3ccfc60794dfbb006d90339e436bc5be0783.txt",
		"img": "https://archive.orkl.eu/066c3ccfc60794dfbb006d90339e436bc5be0783.jpg"
	}
}