CryptoLuck / YafunnLocker Ransomware - IOC


1) Ransomware Name - CryptoLuck / YafunnLocker

2) Encrypted Extensions - .[victim_id]_luck

3) Ransom Note File - %AppData%\@WARNING_FILES_ARE_ENCRYPTED.[victim_id].txt
@WARNING_FILES_ARE_ENCRYPTED.04FF8160.txt
@WARNING_FILES_ARE_ENCRYPTED.0054B131.txt

4) Encryption Algorithm - AES-256 + RSA-2048

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise -
http://dropmefiles.com/304718
YAFUNN@YAHOO.COM
PERSONAL ID: 04FF8160
FRAMOZES@YANDEX.RU
bortanofe@hotmail.com
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUr***



8) File Details -
MD5: 59109839de42d2acb44fbd7ff151fe0c
SHA1: 552d5fcf128be786ca02fe946b020de03dd3e592
SHA256: d399d7eb0e02123a5262549f822bb06e27b4bc8749260363788a5e39a0ce5c2a
ssdeep: 6144:fc0h522p3l04ZMSmIp3Uy28uhyqe/I37cAPsAaP4iQfxwrTbK4Au:nhxp3lZnT9bDuaI37HPsAaP4iQY+4h
authentihash: ec2ff5a7be3ddbeee5fcdf41a525f8bb4bf3da0f5c4725b1c06a0c97dd1803c4
imphash: 027ea80e8125c6dda271246922d4c3b0
File size: 372.9 KB (381811 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
