{ "id": "b936c7c3-ff00-4835-b95f-a99a54910977", "created_at": "2026-04-06T00:21:25.105411Z", "updated_at": "2026-04-10T13:12:22.532376Z", "deleted_at": null, "sha1_hash": "f4dbaa5acc4643b106ba611cca05b579cd211b99", "title": "DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 671680, "plain_text": "DexCrypt MBRLocker Demands 30 Yuan To Gain Access to Computer\r\nBy Lawrence Abrams\r\nPublished: 2018-02-10 · Archived: 2026-04-05 14:52:41 UTC\r\nA new Chinese MBRLocker called DexLocker has been discovered that asks for 30 Yuan to get access to a computer. First\r\ndiscovered by security researcher JAMESWT, this ransomware will modify the master boot record of the victim's computer\r\nso that it shows a ransom note before Windows starts.\r\nUnfortunately, I was not able to get this sample to run, so I have no first hand analysis of this ransomware. The AnyRun\r\nvideo posted by JAMESWT, though, shows that once you install the ransomware, it immediately reboots the computer and\r\nthe victim is greeted with an ascii skull and a message to send 30 yaun to the 2055965068 qq address in order to get access\r\nto their computer again.\r\nDexCrypt Lock Screen\r\nMicrosoft's Windows Defender Security Team saw Jame's tweet and tweeted that they have labeled the MBRLocker\r\nas Ransom:DOS/Dexcrypt.A and that it can be detected by Windows Defender.\r\nAccording to kangxiaopao, you can enter the ssssss password to gain access. If this password does not work and it does only\r\nreplace the MBR, it can be fixed by booting up into the Windows Recovery Console and restoring the Master Boot Record\r\nusing the following commands:\r\nhttps://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nbootrec /RebuildBcd\r\nbootrec /fixMbr\r\nbootrec /fixboot\r\nOnce you enter these commands, you can reboot and get access again to Windows again.\r\nIOCs\r\nHashes:\r\ndfc56a704b5e031f3b0d2d0ea1d06f9157758ad950483b44ac4b77d33293cb38\r\nRansom Note:\r\n .-' '-.\r\n / \\\r\n | |\r\n |, .-. .-. ,|\r\n | )(__/ \\__)( |\r\n |/ /\\ \\|\r\n (_ ^^ _)\r\n \\__|IIIIII|__/\r\n | \\IIIIII/ |\r\n \\ /\r\n `yao mi ma gei 30 yuan jia qq 2055965068`\r\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nhttps://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/\r\nPage 3 of 4\n\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/\r\nhttps://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer/" ], "report_names": [ "dexcrypt-mbrlocker-demands-30-yuan-to-gain-access-to-computer" ], "threat_actors": [], "ts_created_at": 1775434885, "ts_updated_at": 1775826742, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/f4dbaa5acc4643b106ba611cca05b579cd211b99.pdf", "text": "https://archive.orkl.eu/f4dbaa5acc4643b106ba611cca05b579cd211b99.txt", "img": "https://archive.orkl.eu/f4dbaa5acc4643b106ba611cca05b579cd211b99.jpg" } }