CryptoMix Ransomware - IOC


1) Ransomware Name - CryptoMix

2) Encrypted Extensions -
.code
.scl
.rmd
.lesli
.rdmk
.CRYPTOSHIELD
.CRYPTOSHIEL

3) Ransom Note File -
HELP_YOUR_FILES.html (CryptXXX)
HELP_YOUR_FILES.txt (CryptoWall 3.0, 4.0)
INSTRUCTION RESTORE FILE.TXT

4) Encryption Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
E-MAIL1: xoomx@dr.com
E-MAIL2: xoomx@usa.com



8) File Details -
MD5: a0fed8de59e6f6ce77da7788faef5489
SHA1: 96ebbf821f37dc2dcebc177fc3a6c17b3171aab3
SHA256: 004cdc6996225f244aef124edc72f90434a872b3d4fa56d5ebc2655473733aef
ssdeep: 1536:SkZzt5HhE73kH54aUEvVqs/PKO97CDkDG2LyeUOKFCDRifOVDYEzJOlHLum6:DLphG5GaO97aMG2+eUO+7iDYEz4V6
authentihash: 02bbd6a17de7c6ae1040add710f2029ace6c11baf8379df68fd98c94cf37c922
imphash: f6e5d8f2cfa29eac9c49b4227f4961fa
File size: 100.0 KB (102400 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
