HDDCryptor Ransomware - IOC - File Details


1) Ransomware Name - HDDCryptor

2) Encrypted Extensions - NA

3) Ransom Note File -
dcapi.dll
dccon.exe
dcrypt.exe
dcrypt.sys
log_file.txt
Mount.exe
netpass.exe
netuse.txt
netpass.txt

4) Encryption Algorithm - Custom (net shares), XTS-AES (disk)

5) Decryptor Link - NA


6) Screenshot -
7) Indicators of Compromise -
drake117@sigaint.org
хттпs://blockchain.info/
хттпs://www.okcoin.com/
хттпs://www.coinbase.com/
хттпs://bitcoinwallet.com


8) File Details -
MD5 a50325553a761d73ed765e326a1733a3
SHA1 6a5250a24439cb760e91c228b56d991a717e556a
SHA256 74336da7eb463092a5f1bca3071f96b005f52e6df5826f8b0351e10537ba0459
ssdeep 49152:aEzWq251mCxFFF1uFwRYVFFFvsVmHNiFFFZ7HBvFFFbp1GWaPvJlx8G+:aEh25LuFUhGJlx8
authentihash  b805bcf79a99a0a7fa7cc1a60e299fda5dd256f5928304e9240842138e3d3c18
imphash  19b579508944735949a06ee438c121ae
The file size is 2.3 MB (2441319 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
