Evil Ransomware - IOC


1) Ransomware Name - Evil

2) Encrypted Extensions -
.file0locked
.evillock

3) Ransom Note File - NA

4) Encryption Algorithm - AES

5) Decryptor Link - NA

6) Screenshots -


7) Indicators of Compromise - r6789986@mail.kz


8) File Details -
MD5 c2ed5b0eea4e4bf833e1a5549bde2024
SHA1 5b24af2e9802b503c7f41c17b561b0b6b38914d7
SHA256 b75b3ff65632b65d1d641075bd2f5ed0ede93da3a35d7f50068b9371ee5c4552
ssdeep 6144:5ji4E09S/t71Pnk0vlg6D59mkwxpCkiesHjAqk55e5BT:Ji4E09qLnrbt9mCeujAJ55e5BT
authentihash 22226d8aa9230a6f168095f4d7367dbc04bd5ffe444f2391bbcfe85751c2b09e
imphash 6523c8144ea079696ffc809d9eb219fc
File size 414.0 KB (423,936 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit

MD5 b9d81c51c10abd64107edc5e73a26aea
SHA1 714a422876768ed423df93af419de0f37c4ea46c
SHA256 1817853fdaf2d35988ca22a6db2c939e0f56664576593d325cfd67d24e8fb75c
ssdeep 384:ctxC55+UC+CGCwTWi5Jb6P3JOnuqOM/k1irbIUiVXCKI8KSfoKhaaVtgpVsid:KXLzg5IQD/sirznd
File size 62.2 KB (63664 bytes)
File Type Text
Description ASCII English text, with very long lines, with no line terminators

MD5 b3a17f4ec0e5ea0f406884c69afdd676
SHA1 fe61098c0e444ac0e20bc70de3d1014ff3b49029
SHA256 ffc5e46200f16549f17d2d6e4d6e5e61239b711cd07fbf7932c31e2ea18a7865
ssdeep 6144:5ji4E09S/t71Pnk0vlg6D59mkwxpCkiesHjAqkF5e5BT:Ji4E09qLnrbt9mCeujAJF5e5BT
authentihash 8fb9f2f802f6caa3b2407ea41050409c2c3c2ce6c7ff8326901a85e77cf79438
imphash 6523c8144ea079696ffc809d9eb219fc
File size 414.0 KB (423,936 bytes)
Type of file Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
