Hi Buddy! Ransomware - IOC - File Details


1) Ransomware Name - Hi Buddy!

2) Encrypted File - .cry

3) Ransom Note File -
READ_ME.txt
ransom.exe
t11.exe
sec_check.scr.exe

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise - 24fkxhnr3cdtvwmy.onion.to/help.php


8) File Details -
MD5 d240132b0cb453d27af6fac59490af8a
SHA1 9ef24129226036dd33523579b8d775fca2ad6f3f
SHA256 d7fea3a447e1a93dfa799b304737998b3b2b9db0dcbc9bf4b9de01b6803b19dede
ssdeep
authentihash  c0a3af9c76f3378f42fff92ea3365585b0b3ad4de9718df14e829a225a14e0f7
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 24.5 KB (25139 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly


MD5 50881c434db8730bfc5e67bccf573ec2
SHA1 393c2a157d52301405d1594cbcb694c6d2931296
SHA256 2c9599396f8267baa20e89bab33b323ae98497f855534a8b2a629af502539cfe
ssdeep
authentihash  de609a03c078c950c60a4ea21b85a933ed098c640dcf4af2b58e509b99479bd0
imphash  f34d5f2d4577ed6d9ceec516c1f5a744
The size of the file is 24.5 KB (25139 bytes)
Win32 EXE file type
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono / .Net assembly
