Chimera Ransomware - IOC


1) Ransomware Name - Chimera

2) Encrypted Extensions - .crypt 4 random characters, e.g., .PzZs, .MKJL

3) Ransom Note File -
YOUR_FILES_ARE_ENCRYPTED.HTML
YOUR_FILES_ARE_ENCRYPTED.TXT
<random>.gif

4) Encrypted Algorithm - NA

5) Decryptor Link - https://www.google.com/url?q=http://www.bleepingcomputer.com/news/security/chimera-ransomware-decryption-keys-released-by-petya-devs/&sa=D&ust=1499261274473000&usg=AFQjCNF5YuDKhOu4GUtVhVC2uwi-Nuz50g

6) Screenshots -

7) Indicators of Compromise - NA


8) File Details -
the MD5 60fabd1a2509b59831876d5e2aa71a6b
the SHA1 8b91f3c4f721cb04cc4974fc91056f397ae78faa
the SHA256 1dacdc296fd6ef6ba817b184cce9901901c47c01d849adfa4222bfabfed61838
ssdeep3072: BMhIBKH7j7DzQi7y5bvl4YAbdY9KWvwn7XHMzqEOf64CEEl64HBVdGXPKD: BMh5H7j5g54YZKXoxOuEEl64HZAi
authentihash  fb5ffe1c8728afdfc57cff739567ad0ecf39a3a0ae79109b2ddf497e902232f5
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 232.0 KB (237568 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly


Comments