Deadly for a Good Purpose Ransomware - IOC


1) Ransomware Name - Deadly for a Good Purpose

2) Encrypted Extensions - NA

3) Ransom Note File - NA

4) Encrypted Algorithm - AES-256

5) Decryptor Link - NA

6) Screenshots -

7) Indicators of Compromise -
gravityz3r@sigant.org



8) File Details -
File size 68.5 KB (70144 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

File size 53.0 KB (54272 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

File size 69.0 KB (70656 bytes)
File type unknown
Description PE32 executable for MS Windows (GUI) Intel 80386 32-bit Mono/.Net assembly

Popular posts from this blog

Locked-In Ransomware - IOC - File Details

1) Ransomware Name - Locked-In

2) Encrypted Extensions - .novalid

3) Ransom Note File -
RESTORE_CORUPTED_FILES.HTML
RESTORE_NOVALID_FILES.HTML

4) Encrypted Algorithm - AES-256

5) Decryptor Link - https://www.google.com/url?q=https://www.bleepingcomputer.com/forums/t/634754/locked-in-ransomware-help-support-restore-corupted-fileshtml/&sa=D&ust=1505219068689000&usg=AFQjCNF9ioLcjI8uj-Oh5swSsBA9DBqXMw


6) Screenshot -


7) Indicators of Compromise - NA


8) File Details -
File size 38.0 KB (38912 bytes)
File type Win32 EXE
Description PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

Hermes Ransomware - IOC - File Details

1) Ransomware Name - Hermes

2) Encrypted Extensions - NA

3) Ransom Note File -
DECRYPT_INFO.txt
DECRYPT_INFORMATION.html
UNIQUE_ID_DO_NOT_REMOVE - file with the ID
hermes.exe
Reload.exe
system_.bat
shade.bat
shade.vbs

4) Encrypted Algorithm - AES

5) Decryptor Link - https://www.google.com/url?q=https://www.bleepingcomputer.com/forums/t/642019/hermes-ransomware-help-support-decrypt-informationhtml/&sa=D&ust=1504791164932000&usg=AFQjCNFF6L6BKQM0Gy3ludx8JBJ5nDRdiA

6) Screenshot -

7) Indicators of Compromise -
primary email: BM-2cXfK4B5W9nvci7dYxUhuHYZSmJZ9zibwH@bitmessage.ch
reserve email: x2486@india.com
8) File Details -

LockLock Ransomware - IOC - File Details

1) Ransomware Name - LockLock

2) Encrypted Extensions - .locklock

3) Ransom Note File - READ_ME.TXT

4) Encrypted Algorithm - AES(256)

5) Decryptor Link - NA

6) Screenshot -

7) Indicators of Compromise -
locklockrs@aol.com
http://b1t.do/locklockrs
Skype : locklockrs
www.locklock.net  (200.63.45.76)
C2: locklock.net/tmp/savekey.php


8) File Details - NA