Kirk Ransomware - IOC - File Details


1) Ransomware Name - Kirk

2) Encrypted Extensions - .Kirked

3) Ransom Note File - RANSOM_NOTE.txt

4) Encryption Algorithm - AES+RSA

5) Decryptor Link - https://www.virustotal.com/en/file/39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc/analysis/


6) Screenshot -


7) Indicators of Compromise -
Active email addresses:
kirk.help@scryptmail.com
kirk.payments@scryptmail.com


8) File Details -
MD5 78117f7acc8b385e9b29fe711436d16d
SHA1 0d4dfe880f8ec4b394f49f1a2608200dd06ba8a6
SHA256 39a2201a88f10d81b220c973737f0becedab2e73426ab9923880fb0fb990c5cc
ssdeep 98304:/IEyVyGHAeBysDq7g5SspYPchCPgkMOu4+vQqzKdJcqXlduupA5gEbvU0Ods+0kb:QXl/qSSspHI7vu4+vicqy5Jv6dsuV
authentihash 7cf8bc9292554296bfc8e93b1a6c76edbfdca384b67c4e58714b159378250fc6
imphash 05a03ed18d2e75f8c4f1c5bcf287ac56
File size 5.5 MB (5756255 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit
