CryptoShield Ransomware - IOC


1) Ransomware Name - CryptoShield

2) Encrypted Extensions - .CRYPTOSHIELD

3) Ransom Note File -
# RESTORING FILES #.HTML
# RESTORING FILES #.TXT

4) Encryption Algorithm - AES(256) / ROT-13

5) Decryptor Link - NA

6) Screenshots -



7) Indicators of Compromise -
https://en.wikipedia.org/wiki/RSA_(cryptosystem)
restoring_sup@india.com - SUPPORT;
restoring_sup@computer4u.com - SUPPORT RESERVE FIRST;
restoring_reserve@india.com - SUPPORT RESERVE SECOND;
104.238.188.209:80 - USA
52.27.41.168:443 - USA
54.240.162.240 - USA
***45.76.81.110/test_site_scripts/moduls/get_info.php



8) File Details -
MD5 33089f5d5f9dc330a8b0d633a897d0ae
SHA1 94070705678156c825057e0b3c38d21d37047665
SHA256 da98d21ebd555c4b0e7c627dfce85bb62611779e0ef2eee42bd2f98c454f9e71
ssdeep 1536:cpCIe92eSH2LPaUkXkizdu+9ZaTfJVw8lje1nfuueI8PMWTce95I:g02ewUs9M+98z/LjMdevUX2m
authentihash e6e1f0c4cb39c629f4fc45c9abf44450e9439a6ff99f2d821884f33477ff7f21
imphash ea28d0f27a9d816b533995a577b7b9df
File size 99.0 KB (101376 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
