DoNotChange Ransomware - IOC



1) Ransomware Name - DoNotChange

2) Encrypted Extensions -
.id-7ES642406.cry
.Do_not_change_the_filename

3) Ransom Note File -
HOW TO DECODE FILES!!!.txt
КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt

4) Encryption Algorithm - AES(128)

5) Decryptor Link - https://www.bleepingcomputer.com/forums/t/643330/donotchange-ransomware-id-7es642406cry-do-not-change-the-file-namecryp/


6) Screenshots -


7) Indicators of Compromise -
Email addresses:
tom.anderson@india.com
DE_coDER@mail2tor.com
scryptx@meta.ua
robert.swat@qip.ru
Onion URL:
http://5akvz3kp6qbqmpoo.onion


8) File Details -
MD5: 1d1d7920ca66e454a9489000b25898a5
SHA1: 4815f8511cbf245ce23303c0da7e1a4bec7cd06d
SHA256: 1ee580d60a43a847140136874f2b8646a2de700457114c4df0e16170029cdb43
ssdeep: 12288:hozGdX0M4ornOmZIzfMwHHQmRROXK+1O3c+jSX8U48zR41eWEPhlBAQyITTU3k:h4GHnhIzOaHjxUhRDWEPjBL7w3k
authentihash: f1e1de00ba0ab319881b7650f995f4f6d60531e54fdab52a158fb7ee3688484a
imphash: fc6683d30d9f25244a50fd5357825e79
File size: 696.0 KB (712,704 bytes)
Type of file: Win32 EXE
Description: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
