Ransomware-MegaCortex

File hashes:
MegaCortex:
478dc5a5f934c62a9246f7d1fc275868f568bc07
81bb640d960fd68869a569f40835447971e7b235
9b7105dd54c009844c31cd2320a407637c527a3a
9bdf5448971b6ee148cbbed8398f99b88839fcf8
a5177bb1c60c716c67bc4fec2524b332979a8bba
ae54575ab8e0024c1444e84a97bbd239706d3ded
ba79b583b6a35dd38f25afd28055cce1835fffd3
f48b41e4356d6a35cef36ef6153755d8d2ec3f0b

Cobalt Strike reflexive loader:
6544e16c316e4700e9271deb31242edf600599c7
6ca2f90a579d995c334ab1fbfbcbe1199507ad45
7772c87601440e93c6d990f4ee31eed314e9c20d
80fcdf1201299dec71163c28e232e826eb7e580f
851468365a19bcebeaf05091547ada838009c0d6
bed9e0bed8a10bc5a065e106ed51fe2710b3ede8
d4b0a1fcfa64312f30f710f11c22b8f1ecc8a981
de07ddc179f7b55f16f7023c0d82aefabd1426c5
fe4e836e635c72ea435b0ff66bc3d487ca2aaa72
0ce8fcc43f001cff54408bb1c2895880cb900f7c
0dfa89d5d26d5269d3282907e3799224c9958af4
2bb0c3607a445d0c08b1a727d466a66843d4f449
411a0dec716c15e63dca2645c97afb5af8bc9e1a
7fc295772f9edd5edcb0f5a49e440c8f1bf95e7b
82c3f0a7a319bee0bfa20df92f8ed791930bac90
94275573efe6494874f048ce720836b847df3444
bd71e9e0285ef2846fa2cecac9ff60826b002ce6
d764cc88e979f7eff45765994ea68613038facf2
edbd27610b7449c4cf2bb63f65c92ffcfb401627
5d32dab9dd235618a3767c38513c920fab0cf8d5
85e51a0ddd93eaf3a2604e603ce643d17a55dfa1

Cobalt Strike Meterpreter shells:
31af48e1e61d85965fd3f4719306a3993550d7e7
afa7575bf763cf312cbd420bfae50d331729cbfc
e7223ac9968ecf707cc7cca10088ae9a9adec522
2849626522a45673a191265c245f934b91020e1c

Other:
2f40abbb4f78e77745f0e657a19903fc953cc664

Certificates:

3AN LIMITED
Status Valid
Issuer thawte SHA256 Code Signing CA
Valid from 12:00 AM 03/15/2019
Valid to 11:59 PM 03/14/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 60974F5CC654E6F6C0A7332A9733E42F19186FBB
Serial number 04 C7 CD CC 16 98 E2 5B 49 3E B4 33 8D 5E 2F 8B

PRO-STO, TOV
Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
Issuer Sectigo RSA Code Signing CA
Valid from 01:00 AM 03/01/2019
Valid to 12:59 AM 03/01/2020
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 3B3BA7DAAA011A33447E607FCD178BE6FBE190BE
Serial number 00 CA 0E 70 90 D4 82 70 04 C9 9A F2 FC 7D 73 3C 02
	File hashes:
	MegaCortex:
	478dc5a5f934c62a9246f7d1fc275868f568bc07
	81bb640d960fd68869a569f40835447971e7b235
	9b7105dd54c009844c31cd2320a407637c527a3a
	9bdf5448971b6ee148cbbed8398f99b88839fcf8
	a5177bb1c60c716c67bc4fec2524b332979a8bba
	ae54575ab8e0024c1444e84a97bbd239706d3ded
	ba79b583b6a35dd38f25afd28055cce1835fffd3
	f48b41e4356d6a35cef36ef6153755d8d2ec3f0b

	Cobalt Strike reflexive loader:
	6544e16c316e4700e9271deb31242edf600599c7
	6ca2f90a579d995c334ab1fbfbcbe1199507ad45
	7772c87601440e93c6d990f4ee31eed314e9c20d
	80fcdf1201299dec71163c28e232e826eb7e580f
	851468365a19bcebeaf05091547ada838009c0d6
	bed9e0bed8a10bc5a065e106ed51fe2710b3ede8
	d4b0a1fcfa64312f30f710f11c22b8f1ecc8a981
	de07ddc179f7b55f16f7023c0d82aefabd1426c5
	fe4e836e635c72ea435b0ff66bc3d487ca2aaa72
	0ce8fcc43f001cff54408bb1c2895880cb900f7c
	0dfa89d5d26d5269d3282907e3799224c9958af4
	2bb0c3607a445d0c08b1a727d466a66843d4f449
	411a0dec716c15e63dca2645c97afb5af8bc9e1a
	7fc295772f9edd5edcb0f5a49e440c8f1bf95e7b
	82c3f0a7a319bee0bfa20df92f8ed791930bac90
	94275573efe6494874f048ce720836b847df3444
	bd71e9e0285ef2846fa2cecac9ff60826b002ce6
	d764cc88e979f7eff45765994ea68613038facf2
	edbd27610b7449c4cf2bb63f65c92ffcfb401627
	5d32dab9dd235618a3767c38513c920fab0cf8d5
	85e51a0ddd93eaf3a2604e603ce643d17a55dfa1

	Cobalt Strike Meterpreter shells:
	31af48e1e61d85965fd3f4719306a3993550d7e7
	afa7575bf763cf312cbd420bfae50d331729cbfc
	e7223ac9968ecf707cc7cca10088ae9a9adec522
	2849626522a45673a191265c245f934b91020e1c

	Other:
	2f40abbb4f78e77745f0e657a19903fc953cc664

	Certificates:

	3AN LIMITED
	Status Valid
	Issuer thawte SHA256 Code Signing CA
	Valid from 12:00 AM 03/15/2019
	Valid to 11:59 PM 03/14/2020
	Valid usage Code Signing
	Algorithm sha256RSA
	Thumbprint 60974F5CC654E6F6C0A7332A9733E42F19186FBB
	Serial number 04 C7 CD CC 16 98 E2 5B 49 3E B4 33 8D 5E 2F 8B

	PRO-STO, TOV
	Status Trust for this certificate or one of the certificates in the certificate chain has been revoked.
	Issuer Sectigo RSA Code Signing CA
	Valid from 01:00 AM 03/01/2019
	Valid to 12:59 AM 03/01/2020
	Valid usage Code Signing
	Algorithm sha256RSA
	Thumbprint 3B3BA7DAAA011A33447E607FCD178BE6FBE190BE
	Serial number 00 CA 0E 70 90 D4 82 70 04 C9 9A F2 FC 7D 73 3C 02