FabSysCrypto Ransomware - IOC


1) Ransomware Name - FabSysCrypto

2) Encrypted Extensions - .locked

3) Ransom Note File -
_HELP_instructions.txt
fabsyscrypto.exe

4) Encryption Algorithm - RSA-2048 and AES-128

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -

xxxxs://www.torproject.org/download/download-easy.html
1. xxxx://32kl2rwsjvqjeul7.tor2web.org/56D592DC7A9DDlDB
2. xxxx://32kl2rwsjvqjeul7.onion.to/56D592DC7A9DDlDB
3. xxxx://32kl2rwsjvqjeul7.onlon.cab/56D592DC7A9DDlDB





8) File Details -

MD5 ddcd198ef8d39196a515f9ba27ebfdea
SHA1 bc35e9ca0a01696c4ae7fd7fbe63114d6b12ae5b
SHA256 99beefe151f73494d923e40c1b43d8f525441eb88df303d0a13c293c309c2f62
Ssdeep 1536:syJpWAMFfumsolagIrRuw+mqbz9j1MWLQsg:jTM1umsol3IrRuw+mqv9j1MWLQr
Authentihash 9f721a272cd773454883e6f417c7f91c8f3a030e3b809bb49352428d9b9d4a5b
Imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 116.0 KB (118784 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly



MD5 340eabcabd383c768d5d8eaff3e16de8
SHA1 76b79ed26a409c2ceb83c2b2d1b4470d8b99565f
SHA256 8feec8ca1026ea0392b80524ace8d637b9c96ad975ead4c764c3a1401ff921de
Ssdeep 1536:o8EAMFfumsolagIrRuw+mqbz9j1MWLQsg:1M1umsol3IrRuw+mqv9j1MWLQr
Authentihash 3cc20e55c4788cc96e3f99204052c5db8d9d4388048b4ec2d1a49b7c0bf9a2f8
Imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 113.5 KB (116224 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly
