GOG Ransomware - IOC


1) Ransomware Name - GOG

2) Encrypted Extensions - .L0CKED

3) Ransom Note File -
DecryptFile.txt
random.jpg

4) Encryption Algorithm - RZA4096

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
xxxx://y6wb5h3ksb6hppeh.onion/service.html
xxxx://y6wb5h3ksb6hppeh.onion.to/service.html
xxxx://81.4.122.134/p4y5k3y5/h4hn5b67lf3dxc1ff0g44/createkeys.php
xxxx://81.4.122.134/p4y5k3y5/h4hn5b67lf3dxc1ff0g44/savekey.php
xxxx://81.4.122.134/imagini/xok.jpg - download of the image used as the desktop wallpaper

8) File Details -

MD5 d4157f61cfeca15eb2ed2b40dd1f1b53
SHA1 d671129778c58b4120a96d60b10dc952971656bf
SHA256 5a793ac3cc4dd99475cc991c226a107ec04ce6806235c9ae780ae48d169922d2
Ssdeep 3072:T/M+lmsolAIrRuw+mqv9j1MWLQ3DKCOM+lmsolAIrRuw+mqv9j1MWLQ:Tk+lDAAku6+lDAA
Authentihash  68187216f02634f17e25f60e5f4ee9f27747712f77f961fd1515d0928cc1964f
Imphash  F34d5f2d4577ed6d9ceec516c1f5a744
File size 216.0 KB (221184 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly
