Crypren Ransomware - IOC



1) Ransomware Name - Crypren

2) Encrypted Extensions - .ENCRYPTED

3) Ransom Note File - READ_THIS_TO_DECRYPT.html

4) Encrypted Algorithm - NA

5) Decryptor Link - https://www.google.com/url?q=https://github.com/pekeinfo/DecryptCrypren&sa=D&ust=1499261274476000&usg=AFQjCNGnAclXafElJHdnSIYK7PfgjBI1bg

6) Screenshots -


7) Indicators of Compromise -
https://bitcoin.org/en/getting-started
https://en.bitcoin.it/wiki/Buying_Bitcoins_(the_newbie_version)
https://www.openssl.org/support/faq.html



8) File Details -
the MD5 f6a8d7a4291c55020101d046371a8bda
the SHA1 09b08e04ee85b26ba5297cf3156653909671da90
the SHA256 082060e3320870d1d576083e0ee65c06a1104913ae866137f8ca45891c059a76
ssdeep24576: Fpfzmg0hsVxPJHnhxqj / jELyOpQR2dnCy: FpfCHKrPFnh4jEWOpQEdnCy
authentihash  e3dfe8ada9ab4c78c4d8c026eabdf2222de09e3b5810684bd5f20deb8c83d492
imphash  2fb40ed232ce119fffafdcc8e83b0b1f
File size 799.5 KB (818,688 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 32-bit

Comments