Encoder.xxxx Ransomware - IOC


1) Ransomware Name - Encoder.xxxx

2) Encrypted Extensions - .ranrans

3) Ransom Note File - Instructions.html

4) Encryption Algorithm - NA

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise -


8) File Details -
File size 214.0 KB (219,136 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly
