CryptConsole Ransomware - IOC


1) Ransomware Name - CryptConsole

2) Encrypted Extensions - random

3) Ransom Note File - How decrypt files.hta

4) Encryption Algorithm - NA

5) Decryptor Link - https://www.bleepingcomputer.com/forums/t/638344/cryptconsole-uncrypteoutlookcom-support-topic-how-decrypt-fileshta/

6) Screenshots -




7) Indicators of Compromise -
something_ne@india.com
https://localbitcoins.com
https://www.coinbase.com
https://xchange.cc
Email: someone_ne@india.com






8) File Details -
MD5 ceac94adb89e52d92246b46a229795ec
SHA1 7ee24f89b50616557189f3a69125cceb9e575950
SHA256 d2c2fe3e1be7e10dfc6ed81c6a503ee1610c7d79e4f72e2528ebb8501065739e
ssdeep 384:uwS+mp7Z0FdHvrKAi1Xa4tCgcEgIkKzsW7DfZQdHysX:1SNpN0/emo5cEgKaz
authentihash e4b43c21f6ecbcc922734e656f8035197367588ee6304449e8b8da441f99f6d8
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 20.5 KB (20992 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
