Korean Ransomware - IOC - File Details


1) Ransomware Name - Korean

2) Encrypted Extensions - .암호화됨

3) Ransom Note File - ReadMe.txt

4) Encryption Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -


7) Indicators of Compromise -
http://www.torproject.org/projects/torbrowser.html.en
http://t352fwt225ao5mom.onion
http://2dasasfwt225dfs5mom.onion.city


8) File Details -
MD5 e9dd12f20b0359266e2e151f64231e50
SHA1 ab5dc6e44029dc56d0dd95b75c3db901b7fe629a
SHA256 8997e8d0cdefde1dbd4d806056e8509dea42d3805f4ac77cff7021517ad1ba06
ssdeep 1536:nHbuzf2c+v8sLVT6R8ZvlqQEz/GWtkxzv5UtW1vZZn:HbIbsRTLmNalOtWFn
authentihash a23e7e0dc33931e2058333367cd6df2bea098debd2a6a5c6f128a1d078f4c2d3
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 96.5 KB (98816 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono / .Net assembly
