Bandarchor Ransomware - IOC


1) Ransomware Name - Bandarchor
2) Encrypted Extensions -
.id-1235240425_help@
.id-[ID]_[email_address]
3) Ransom Note File - HOW TO DECRYPT.txt
4) Encryption Algorithm - AES(256)
5) Decryptor Link - NA
6) Screenshots -


7) Indicators of Compromise -


8) File Details -
File size 373.5 KB (382464 bytes)
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
