FSociety Ransomware - IOC


1) Ransomware Name - FSociety

2) Encrypted Extensions -
.fs0ciety
.dll

3) Ransom Note File -
fs0ciety.html
DECRYPT_YOUR_FILES.HTML

4) Encryption Algorithm - NA

5) Decryptor Link - https://www.bleepingcomputer.com/forums/t/628199/fs0ciety-locker-ransomware-help-support-fs0cietyhtml/


6) Screenshots -

7) Indicators of Compromise -
eda2.exe
filedata.exe
www.archem.hol.es
error.hostinger.eu
http://i.imgur.com/PNZaSrX.jpg
185.28.20.87:80
31.170.160.61:80


8) File Details -
MD5 1441b0704b07d6e8f798f6684faf0f79
SHA1 a5f0b838f67e0ca575a3d1b27d4a64dec8fac2fc
SHA256 5eba311d64e4daa055d1bc2bca220e8128079238f786a516255268a7cb7af2a1
Ssdeep 3072:BM+lmsolAIrRuw+mqv9j1MWLQ7bTM8M+lmsolAIrRuw+mqv9j1MWLQ:6+lDAAqP6+lDAA
Authentihash 13bb30d4f9b6502f479ad3dc95a0874d7a9fef34655159314055e77f7fbadeef
Imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 208.0 KB (212992 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
