Hash Value
SHA256 a0e32603876c3035d76a78e35d5f89576ded2475451b4d27e19331bf9e6abfc3
MD5 d09ae1e8fcbf74bbed3ae6b78f88774e
Size 780800 bytes

STOPRansomware C2

Field Value
C2 Not detected
Port 443

Threat Analysis

STOPRansomware static analysis: Config not detected. KEYDAL kSentinel.

STOPRansomware — Malware Profile

STOP/DJVU Ransomware is one of the most widely distributed ransomware families. It encrypts personal files and demands a ransom in Bitcoin. It is distributed via cracked software.

Malware Type
Ransomware
Programming Language
C
C2 Protocol
HTTP
Target Systems
Windows

Technical Details

C; Salsa20 + RSA-1024 encryption (hybrid); RSA key retrieval from the C2 server; offline key backup (when no internet connection is available); .stop/.djvu extensions; %LOCALAPPDATA% location; mutex Global{GUID}; shadow copy deletion (encrypted password management via DPAPI)

Capabilities & Behavior

File Encryption (AES/RSA)
Shadow Copy Deletion
Backup Removal
Ransom Note Creation
Persistence
Network Share Encryption
Anti-Analysis Techniques
Double Extortion (Data Leak)

IOC List (7 indicators)

IOC — STOPRansomware
# SHA256 a0e32603876c3035d76a78e35d5f89576ded2475451b4d27e19331bf9e6abfc3
# MD5 d09ae1e8fcbf74bbed3ae6b78f88774e
# IP 217.12.212.40
# IP 45.67.228.218
# DOMAIN centralserver.xyz
# MUTEX Global_STOP_Ransomware_Mutex
# URL https://centralserver.xyz/get_key.php
Type Value Note
sha256 a0e32603876c3035d76a78e35d5f89576ded2475451b4d27e19331bf9e6abfc3 STOPRansomware
md5 d09ae1e8fcbf74bbed3ae6b78f88774e STOPRansomware
ip 217.12.212.40 STOP/DJVU C2 - active key server
ip 45.67.228.218 STOP/DJVU payload server
domain centralserver.xyz STOP/DJVU C2 domain
mutex Global_STOP_Ransomware_Mutex STOP/DJVU mutex
url https://centralserver.xyz/get_key.php STOP/DJVU key download URL
Tags
stopransomware, analiz, statik, ioc