CryPy Ransomware - IOC


1) Ransomware Name - CryPy

2) Encrypted Extensions - .cry

3) Ransom Note File - README_FOR_DECRYPT.txt

4) Encryption Algorithm - AES

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise -
m4n14k@sigaint.org
blackone@sigaint.org
CRY.exe
mw.exe
<random>.exe
README_FOR_DECRYPT.txt
xxxx://www.baraherbs.Co.il/js/owebia/victim.php
xxxx://www.baraherbs.Co.il/js/owebia/savekey.php


8) File Details -
MD5: 8bd7cd1eee4594ad4886ac3f1a05273b
SHA1: ad046bfa111a493619ca404909ef82cb0107f012
SHA256: de6da70478e7f84cd06ace1a0934cc9d5732f35aa20e960dc121fd8cf2388d6e
ssdeep: 98304:YqFOH+gETpGHN/MC8gehPP8E4dJHDCkjpqLaINhm4PlVVEzY:YqtgEMkrVPiDCQUphmulnr
authentihash: 4afefbc94a8d07a819974007995aac039461625459491ac13cee2994f6be438a
imphash: 7af2fe87a3ab930007d141d21c36ceda
File size: 5.2 MB (5476735 bytes)
Type of file: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
