CryptON Ransomware - IOC


1) Ransomware Name - CryptON

2) Encrypted Extensions -
_crypt
.id-_locked
.id-_locked_by_krec
.id-_locked_by_perfect
.id-_x3m
.id-_r9oj
.id-_garryweber@protonmail.ch
.id-_steaveiwalker@india.com_
.id-_julia.crown@india.com_
.id-_tom.cruz@india.com_
.id-_CarlosBoltehero@india.com_
.id-_maria.lopez1@india.com_

3) Ransom Note File - NA

4) Encryption Algorithm - RSA, AES-256 and SHA-256

5) Decryptor Link - https://decrypter.emsisoft.com/crypton

6) Screenshots -



7) Indicators of Compromise -
hxxp://in.uniclever.net/ (109.201.142.56:80, Netherlands)
hxxp://in.uniclever.net/init
srv1.uniclever.net
srv2.uniclever.net
xchange.cc/visa-mastercard-rur-to-bitcoin.html


8) File Details -
MD5 237bf11449a2018b058643c38f12430c
SHA1 f0c3e8375ad1044995d1292d041334b0475a5064
SHA256 6f2df7b22047fdf8eb4c3f7d3090dce7e97b1eca031558ba1dd20bbcd769103b
ssdeep 1536:C9tym7X7WhY796O3JZqD3IfkHzkbp/0Kcl:C7ihYxn3WD3IfkTk1/bY
authentihash a96fa0287218210e8100346dfcd815ce27da0a678be534fddecaaf88adca6726
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 61.5 KB (62976 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly


MD5 1aee345a73b07c3ec4c829c1a335c38b
SHA1 f37d80c990daf688f1675e619e2a3f1c45a9ad7d
SHA256 4a7d008b3c8de78684cc66326b0db856a5b918dd6f51af821d0101f47218455a
ssdeep 393216:9TDZki0fnwr4eEa8BY6Zd1PP5m9Ek/a3zT:9TD67u4+BA1XK/2
authentihash 79e91bea86662eda092e08a29a505de5f96ef0e08f16b8fcc405336d983b806e
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 15.9 MB (16,651,688 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly
