FireCrypt Ransomware - IOC


1) Ransomware Name - FireCrypt

2) Encrypted Extensions - .firecrypt

3) Ransom Note File - [random_chars]-READ_ME.html

4) Encryption Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
xxxx://lmgtfy.com/?q=how+to+buy+bitcoins
xxxx://www.pta.gov.pk/index.php (Pakistan)
gravityz3r0@sigaint.org


8) File Details -

The size of the file is 58.7 KB (60130 bytes)
File type: RAR
Description: RAR archive data, v1d, os: Win32

The size of the file is 18.0 KB (18432 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (console) Intel 80386 32-bit Mono / .Net assembly

The size of the file is 18.0 KB (18432 bytes)
File type: Win32 EXE
Description: PE32 executable for MS Windows (console) Intel 80386 32-bit Mono / .Net assembly
