CryptoJacky Ransomware - IOC


1) Ransomware Name - CryptoJacky

2) Encrypted Extensions - .aes

3) Ransom Note File - NA

4) Encryption Algorithm - AES

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
ransom_ph@mail2noble.com
cryptoJacky-setup.exe
cryptojacky.exe
aescrypt.exe
run.exe
ransom-information.lnk
ransom-instructions.lnk
ransom-payment.url
ransomware-c.exe
ransomware-d.cmd
<random>.exe
<random>.vbs
<random>.tmp
<random>.bat
<random>.scr
www.bestchange.com


8) File Details -
the MD5 db6a89a551aef04befe0dd8edaf068ce
the SHA1 54ceda0a7477217e98aa0db311994c15cf1021d1
the SHA256 eb1d67380ec375c79fd7533c90dc5f686165401174515abd8018d0220bf781b9
ssdeep12288: OANwRo + mv8QD4 + 0V16sUKniEhNHgqvx + TDX3rTE08Rhz: OAT8QE + kvUMiEnSHr4bfz
authentihash  784da99e9870b504052d09c449dd881c8b6ae577f77b7f6c9fa9eb0f52ed220c
imphash  c9adc83b45e363b21cd6b11b5da0501f
File size 628.8 KB (643,935 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

the MD5 8624f1f4e080db65fd5c929db251e5c2
the SHA1 a239bea0c16012e88ecbce56d72cf8a3609180b3
the SHA256 f68b08dd4875f24eea0ba49fa87c4f2fe9181c89760c1c47bff8501d87b1f5fb
ssdeep24576: hAT8QE + kyUgAT8QE + k8iEnDHwtbf8jfRzrxRwH3eiEnGHwtbfpjfRzrxRyH3K: hAI + pUgAI + NnIf8jVrxRRndfpjVrxRd
authentihash  91a013a776b9ae8209137532141cf98fe10feb95561743de156ca36d3c5694df
imphash  c9adc83b45e363b21cd6b11b5da0501f
File size 1.8 MB (1855970 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
