CryptoJoker Ransomware - IOC


1) Ransomware Name - CryptoJoker

2) Encrypted Extensions - .crjoker

3) Ransom Note File -
README!!!.txt
GetYouFiles.txt
crjoker.html

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshots -



7) Indicators of Compromise -
mail: file987@sigaint.org
Spare mails: file9876@openmail.cc or file987@tutanota.com



8) File Details -
the MD5 bca6c1fa9b9a8bf60eecbd91e08d1323
the SHA1 711752953ee347e6797e4b8d835e26b0d32331be
the SHA256 ba4e7b8df8d78a961b30e890c8721fe78c730c0f2c2a85c858369cd3a55f0f13
ssdeep6144: QN2VYJa4zZXX5iJBxhxmj9hZJgq9ztURVpcLC9dQXQ0OBjtguUOuc6HcsVUN: QN6bIXpCvKgQGphar2suN
authentihash  b0f4c39278d30af59d18b0e2e38e404a663ecb80dc9f127cb039e373c9db3fea
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 613.9 KB (628,606 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

the MD5 bca6c1fa9b9a8bf60eecbd91e08d1323
the SHA1 711752953ee347e6797e4b8d835e26b0d32331be
the SHA256 ba4e7b8df8d78a961b30e890c8721fe78c730c0f2c2a85c858369cd3a55f0f13
ssdeep6144: QN2VYJa4zZXX5iJBxhxmj9hZJgq9ztURVpcLC9dQXQ0OBjtguUOuc6HcsVUN: QN6bIXpCvKgQGphar2suN
authentihash  b0f4c39278d30af59d18b0e2e38e404a663ecb80dc9f127cb039e373c9db3fea
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 613.9 KB (628,606 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly

Comments