Demo Ransomware - IOC


1) Ransomware Name - Demo

2) Encrypted Extensions -
.encrypted
.iloveworld

3) Ransom Note File - HELP_YOUR_FILES.txt

4) Encrypted Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
http://5hvtr4qvmq76zyfq.onion/alpinism/
https://www.torproject.org/download/download.html.en
gotohelldr.exe
barbinor2.exe
PLEASE_READ_FOR_DECRYPT_FILES_.html


8) File Details -
the MD5 55d36e5f0876dec43437255756f325a9
the SHA1 8fb3768278770b4b068c92f1b7afe31bd738e660
the SHA256 8623e70f2b6a7d6529ca3fdda3269b5efb189c640f6c59df175c0793e0d9e3ef
ssdeep768: my8Hmchl4YNu8o69kAgpT0jxsDwDpbDT82St6dh7yeCWj: o1h2w9kPpgjxxb / + IIS
authentihash  e5a63b8c7aead849c418938cbdad9f00523c4a7d5ed69426549465a65f22949f
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
File size 37.0 KB (37888 bytes)
Type of file Win32 EXE
DescriptionPE32 executable for MS Windows (console) Intel 80386 32-bit Mono / .Net assembly

Comments