CryLocker Ransomware - IOC


1) Ransomware Name - CryLocker

2) Encrypted Extensions - .cry

3) Ransom Note File -
!Recovery_[random_chars].html
!Recovery_[random_chars].txt

4) Encryption Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise -
hxxp://imgur.com
hxxps://pastee.org/
hxxps://maps.googleapis.com
UDP traffic to IP addresses in the 37.x.x.x range
***mbfce24rgn65bx3g.rzunt3u2.com (66.23.246.239:80 - USA)
***fortycooola.top (54.165.109.229:80 - USA)
***smoeroota.top
***newfoodas.top
***84.200.34.99 (Germany)
***7gie6ffnkrjykggd.rzunt3u2.com
***7gie6ffnkrjykggd.er29sl.in
***7gie6ffnkrjykggd.onion



8) File Details -
MD5: feb7967965c46e655c247054a0f500f1
SHA1: ccdaa1dcbc450db0b9bdcbc22538137856fcc0b8
SHA256: a37108a8960fcee98058261486a15ab2d8680844513ba60f266185b9d3d7d981
ssdeep 192: 3zsQmb9geQ9ilbqibqHpjAjgIkotjv9d909 / Sc: wr5luppmz1jaac
File size: 11.0 KB (11232 bytes)
File type: Text
Description: ASCII text, with very long lines
