DMALocker Ransomware - IOC


1) Ransomware Name - DMALocker

2) Encrypted Extensions - NA

3) Ransom Note File -
cryptinfo.txt
decrypting.txt
start.txt

4) Encryption Algorithm -
AES-256 in ECB mode;
versions 2-4 also use RSA

5) Decryptor Link -
https://decrypter.emsisoft.com/
https://github.com/hasherezade/dma_unlocker
https://drive.google.com/drive/folders/0Bzb5kQFOXkiSMm94QzdyM3hCdDg

6) Screenshots -


7) Indicators of Compromise -
e-mail: crypt302@gmx.com


8) File Details -
MD5: 745ae41840a3be2ed1732c2b6307a63f
SHA1: a5d03bfb37b10b17c2922bd215f04b498b888176
SHA256: 9827c04d1170ed7b278185eb16610c74591b7769f88ed509fc4128845baaf20a
ssdeep: 1536:9kR7Hlwjb5lBNHi+q3AotK9qdqeZ0Vd7ZskJizNfQKhJRCKjPc/bNsWh0Gu:6RLWjbBNCTAdeCJJ8XJRdw/BJh0Gu
authentihash: e9214495f98efe9620b90e7fae4b55d7fa427fd8eefb572f8eeb7e1a6304d1e5
imphash: 1faa1f41ff65fec472802847d7ad22ce
File size: 201.5 KB (206,336 bytes)
Type of file: Win32 EXE
Description: PE32 executable for MS Windows (console) Intel 80386 32-bit

MD5: 0cbe28ba2991696d6ad5dfa6bfc40f2e
SHA1: 25f80c9512845665e371f5923b639b9011c51e8e
SHA256: 9ffccc3a862274bd82bd4bb2cb176f7d907639369587bbc3c97aaac3e73af696
ssdeep: 1536:9kR7Hlwjb5lBNHi+q3AotK9qdqeZ0Vd7ZskJizNfQKhJRCKjPc/bNsWh0Gu:6RLWjbBNCTAdeCJJ8XJRdw/BJh0Gu
authentihash: 076a3c8b5567d0daac0466e153cf4c8d278a0b9988cc7cf07d6db2e678784532
imphash: 1faa1f41ff65fec472802847d7ad22ce
File size: 201.5 KB (206,336 bytes)
Type of file: Win32 EXE
Description: PE32 executable for MS Windows (console) Intel 80386 32-bit
