DetoxCrypto Ransomware - IOC


1) Ransomware Name - DetoxCrypto

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encryption Algorithm - AES

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
contact365@mail2tor.com
motox2016@mail2tor.com
pokemongo@mail2tor.com
pokbg.jpg - wallpaper image;
Pokemon.exe - executable for locking and decryption;
MicrosoftHost.exe - the encryptor;
pok.wav - background music.


8) File Details -
MD5: bb5264d4afec79306399033123f47961
SHA1: ad9efab82b2bd9e93b9ef1ae349929d6cb68273d
SHA256: 475a815f0ee9dca0e806469d65b2a6e826df63fa266059e693293b9c3cec257e
ssdeep: 98304:++SDgNSC8WqKRNUVyNUVy+SDgNSC8WqK:+uoC8WqKhuoC8WqK
authentihash: 772f9487a47c2d4a317c131bde25b1dd85f69be81a6d0d2997986c65eda12bd8
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
File size: 3.2 MB (3405824 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly

MD5: 03e22c84501da49c066c8c6df80a273d
SHA1: a172a29bd62659e4705f276206a1c4fc72aeb0a5
SHA256: 927a0dbe45deaabdc9012fa73bc80b6b2f4cdb1077d8e3ed6888d3655a755b37
ssdeep: 24576:8v44C8bOo8M2CEghyghwC8bOo8M2CEghyghU4h:8v4238MWgu38MWgk4h
authentihash: 11fa5594f29737e5aec38da41f46c73d73e456bab3699fe600219c52febf8bdb
imphash: f34d5f2d4577ed6d9ceec516c1f5a744
File size: 2.3 MB (2441728 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly
