Cockblocker Ransomware - IOC


1) Ransomware Name - Cockblocker

2) Encrypted Extensions - .hannah

3) Ransom Note File - NA

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
vboxsvr.ovh.net
collabvm.xyz (146.198.249.193, США)


8) File Details -
the MD5 e2982778434438cce87e6f43493d63ce
the SHA1 1927c6f73714a3d06d379d2bc4693e7a970d5cea
the SHA256 100b8bfff550fb74c98a2ef9a71d4bb53553d2d7ba509bb451fe32814ec57e48
ssdeep6144: j09jZMz / y1rekkCkVg + AW93YVfhZR3MM + SYRQlsQc0EJroJ: AXC / FkdkVg9WlufR3MM + PRQvcZ
authentihash  dedc831235704356b90c79481837ecb7ae854a86aa70ba80a696a017826d1468
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 308.5 KB (315904 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (console) Intel 80386 32-bit Mono / .Net assembly

Comments