Malware don't need Coffee

Prism themed ransomware - Kovter evolution


Prism logo ;)


I found a new (to me - it seems it's 2 weeks old) Prism-themed ransomware. Not really worth a post, but it could make you smile too... so here it is:

Prism Themed Ransomware - 2013-08-25
(Kovter.???)
Based on where I found it, the HTTP calls and other details, I would say it could be the same actors that were behind Kovter.

Fiddler Trace of Infection + Design Gathering
<edit1> Checking a little more, it's an evolution of Kovter. It is also looking at your browsing history.
History check
(against a list that is now encoded)
</edit1>


Ransomware C&C:
94.242.206.71
5577 | 94.242.192.0/18 | ROOT | LU | ROOT.LU | ROOT SA

zipwog.biz
Registrant Name:           Vladislav Krasnov
Registrant Address1:       Kahovskaya st. 31
Registrant City:           Perm
Registrant State/Province: Permskaya oblast
Registrant Postal Code:    614109
Registrant Phone Number:   +7.9145023291
Registrant Email:          krvansed@rambler.ru

<edit2 2013-08-26>
After CIRCL's action, their failover reverse proxy in Germany is being used:
83.133.110.32
13237 | 83.133.0.0/16 | LAMBDANET | DE | GREATNET.DE | GREATNET NEW MEDIA.
zigwog.info
</edit2>
File:
e1988e7512bb18dc0e3ed946ca466d0f - Sample here (OwnCloud via Goo.gl)
407886c0ad30f4152428e7c99536bbaa
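As an added example (not part of the original post), the following script turns the indicators above into a small proxy-log check: the two C&C IPs, the original domain and the post-CIRCL failover domain, plus the two MD5 hashes. The squid-format log lines are constructed for the demonstration; the only real values are the indicators copied from the post. Note that the /18 and /16 lines above are the hosting ASNs' BGP prefixes, not indicators, so the script deliberately does not match on them.

```python
"""Match the Kovter/Prism C&C indicators from the post against proxy logs."""
import hashlib
import ipaddress
from urllib.parse import urlsplit

# Indicators as listed in the post: the original Luxembourg C&C and the
# German failover reverse proxy that appeared after the CIRCL action.
IOC_IPS = {ipaddress.ip_address("94.242.206.71"), ipaddress.ip_address("83.133.110.32")}
IOC_DOMAINS = {"zipwog.biz", "zigwog.info"}
IOC_MD5 = {"e1988e7512bb18dc0e3ed946ca466d0f", "407886c0ad30f4152428e7c99536bbaa"}
# The 94.242.192.0/18 and 83.133.0.0/16 prefixes in the post are the hosters'
# BGP announcements, not indicators; matching on them would flag unrelated
# customers of ROOT SA and LambdaNet, so they are intentionally not used here.

# Constructed squid native-format log lines (not from the post):
# time elapsed client code/status bytes method URL ident peerstatus/peerhost type
SAMPLE_PROXY_LOG = """\
1377417600.123 100 10.0.0.12 TCP_MISS/200 512 POST http://zipwog.biz/ - DIRECT/94.242.206.71 text/html
1377417601.456 80 10.0.0.12 TCP_MISS/200 1024 GET http://www.example.org/index.html - DIRECT/93.184.216.34 text/html
1377504000.789 120 10.0.0.33 TCP_MISS/200 700 POST http://zigwog.info/ - DIRECT/83.133.110.32 text/html
1377504002.000 90 10.0.0.33 TCP_MISS/200 300 GET http://ZIPWOG.BIZ/check - DIRECT/94.242.206.71 text/html
"""


def _host_of(url):
    """Lowercase hostname of a URL without the port (urlsplit lowercases it)."""
    return urlsplit(url).hostname or ""


def _domain_hit(host):
    """True if host equals or is a subdomain of a listed C&C domain."""
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def parse_squid_line(line):
    """Pull the fields we need out of one squid native-format line.
    Returns None for lines that do not have the expected shape."""
    parts = line.split()
    if len(parts) < 9:
        return None
    try:
        dst_ip = ipaddress.ip_address(parts[8].split("/", 1)[1])  # DIRECT/<ip>
    except (IndexError, ValueError):
        dst_ip = None
    return {"ts": parts[0], "client": parts[2], "url": parts[6], "dst_ip": dst_ip}


def find_c2_hits(log_text):
    """Return one dict per log line whose host or destination IP is a listed C&C."""
    hits = []
    for lineno, raw in enumerate(log_text.splitlines(), start=1):
        rec = parse_squid_line(raw)
        if rec is None:
            continue
        reasons = []
        host = _host_of(rec["url"])
        if _domain_hit(host):
            reasons.append("domain:" + host)
        if rec["dst_ip"] in IOC_IPS:
            reasons.append("ip:" + str(rec["dst_ip"]))
        if reasons:
            hits.append({"line": lineno, "client": rec["client"], "reasons": reasons})
    return hits


def is_known_sample(data):
    """MD5 of the given bytes and whether it is one of the hashes in the post."""
    digest = hashlib.md5(data).hexdigest()
    return digest, digest in IOC_MD5


if __name__ == "__main__":
    for hit in find_c2_hits(SAMPLE_PROXY_LOG):
        print("line %d client %s: %s" % (hit["line"], hit["client"], ", ".join(hit["reasons"])))
    print(is_known_sample(b"constructed bytes, not the real sample"))
```

Both the domain and the destination IP are checked independently, so a line still matches when the client resolved the C&C name to a new address, or when it contacted the IP directly with no hostname in the URL.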

