Sample File:
MD5 hash: c86e8425a3c9f4c1c475898d9a54a6d9
SHA1 hash: 4ba84694226f40f825901c611c8ed84ad1aea7e7
SHA256 hash: dee28396d1ec3e91bad9b0cb0b945a5512a70882bffbb1f47e153b27b41977df
SSDEEP hash: 3072:1ghqfJRx7lF34j7GF34j7ZB6W1AEG5pzH0Dl2flUnLdKrAsrpH9Z59q:5dyqyZz16VPlULdK5pf59
Filename(s): BB ransomware.exe
Filetype: Windows Exe (x86-32)
Mutex IOCs: - None -
Registry Key IOCs:
[Note: the keys below are standard .NET Framework runtime settings that are commonly read when any managed (.NET) program starts, plus the bare HKEY_LOCAL_MACHINE hive root. On their own they do not distinguish this sample from benign .NET software.]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\AppContext
HKEY_LOCAL_MACHINE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\XML
HKEY_CURRENT_USER\SOFTWARE\Microsoft\.NETFramework\XML
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgJITDebugLaunchSetting
HKEY_LOCAL_MACHINE\Software\Microsoft\.NETFramework\DbgManagedDebugger
Domain IOCs: - None -
IP IOCs: - None -
URL IOCs: - None -
File IOCs:
Filenames:
[Note: this list mixes .NET Framework assemblies and configuration files under C:\WINDOWS\Microsoft.Net and C:\Windows\Microsoft.NET with files in one user's Pictures folder. Every listed picture file also appears a second time with the suffix .encryptedbyBB appended, and that suffix is the sample-specific artefact here. The user name FD1HVy and the random-looking picture names appear to belong to the analysis environment rather than to the sample.]
C:\Users\FD1HVy\Pictures\s8nj.png.encryptedbyBB
C:\Users\FD1HVy\Pictures\WUFAiJkFD.jpg.encryptedbyBB
C:\Users\FD1HVy\Pictures\ki_dMhqLHqic_TxbGMI.png.encryptedbyBB
C:\Users\FD1HVy\Pictures\GEhqqA3sYQSkI7fC9OYU.gif
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Core\v4.0_4.0.0.0__b77a5c561934e089\System.Core.dll
C:\Users\FD1HVy\Pictures\7ETK mHdCHVI4g.jpg
C:\Users\FD1HVy\Pictures\vjEaj00hwfV8Ke_N_Svq.png.encryptedbyBB
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
C:\Users\FD1HVy\Pictures\Ond8yRC_W27YxY.gif
C:\Users\FD1HVy\Pictures\7LPg.gif
C:\Users\FD1HVy\Pictures\AApAl2.bmp.encryptedbyBB
C:\Users\FD1HVy\Pictures\GEhqqA3sYQSkI7fC9OYU.gif.encryptedbyBB
C:\Users\FD1HVy\Pictures\WUFAiJkFD.jpg
C:\Users\FD1HVy\Pictures\desktop.ini.encryptedbyBB
C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config\machine.config
C:\Users\FD1HVy\Pictures
C:\Users\FD1HVy\Desktop\BB ransomware.exe.config
C:\Users\FD1HVy\Pictures\yGO_eUa0GP_FKyiBj.bmp
C:\Users\FD1HVy\Pictures\MousZfNe-KkO2Ra2yCe.jpg
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.dll
C:\Users\FD1HVy\Pictures\7ETK mHdCHVI4g.jpg.encryptedbyBB
C:\Users\FD1HVy\Pictures\ki_dMhqLHqic_TxbGMI.png
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Configuration\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
C:\Users\FD1HVy\Pictures\vjEaj00hwfV8Ke_N_Svq.png
C:\Users\FD1HVy\Pictures\5rqjW_ugsw1wGmp9oS5p.bmp.encryptedbyBB
C:\Users\FD1HVy\Pictures\AApAl2.bmp
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorlib.dll
C:\Users\FD1HVy\Pictures\MousZfNe-KkO2Ra2yCe.jpg.encryptedbyBB
C:\Users\FD1HVy\Pictures\OxeAL5Z.png
C:\Users\FD1HVy\Pictures\s8nj.png
C:\Users\FD1HVy\Pictures\5rqjW_ugsw1wGmp9oS5p.bmp
C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Xml\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.dll
C:\Users\FD1HVy\Pictures\OxeAL5Z.png.encryptedbyBB
C:\Users\FD1HVy\Pictures\Ond8yRC_W27YxY.gif.encryptedbyBB
C:\Users\FD1HVy\Desktop\BB ransomware.exe
C:\Users\FD1HVy\Pictures\yGO_eUa0GP_FKyiBj.bmp.encryptedbyBB
C:\Users\FD1HVy\Pictures\desktop.ini
C:\Users\FD1HVy\Pictures\7LPg.gif.encryptedbyBB
[Note: fifteen hashes are listed per algorithm below, and the report does not say which file each one belongs to. The MD5, SHA1 and SHA256 lists are not in matching order (the sample's own hashes from the "Sample File" header sit at different positions in each list), so entries cannot be paired by position. Only the sample's own hashes are tied to a file by this report. Map the others to a file before using them for blocking or hunting.]
MD5 hashes:
fe4c07a276646ae9b1e35f1a87490a4e
a8383ec80fc0d022a8e427cc3d9c131c
7b1295ce48bfd698907114a9969bd925
f3c0ec5e6aa7480a6f31f4b748024e69
d2ca22de54d21d17df376ad039986985
3337daba17a47435492a4e2bc4e0d71d
e90beb647c5ecbc17e664401e1c3c591
81cfd7ad41b378d5720da3e41bc189e5
28676a354b311c97142c632372898d84
978200ff2ecc41cbc055ebf78e443187
c86e8425a3c9f4c1c475898d9a54a6d9
7eb85254e9e8b7fb55057f093e11378d
76d42dd4ee054af5f00815931e6d920d
f652104b29594f68c7f79bfda477a28f
e2dfeb60c953f7ee5c9045b1db025e95
SHA1 hashes:
ba8fcca336a9a845198f4ca510b4a3783fcefc07
e41d99ee1453a2d1cbc0cb4bd4531726d81d4c85
bd914e1dbf744783a228216a4b863a067ed142ad
976f6188b952ae3667bb47cb6de674057eedbca9
5e7cdb0dd8a44deccbd148acf6c93ba586892213
c977560f9ca048c13313f7879da3a10b6d263bc5
23b9db308d24aae96377e2c8b2ac99a3ca3be400
4ba84694226f40f825901c611c8ed84ad1aea7e7
dd377a34c36b27b17ced9094b0c2dbb2ef0411cd
47f386254bcaa0896d7879567447d942206b6994
9ec8f1262bf9365ab1d4fcae51dbb6d70823a808
08e00ed92d5fd5d293ad6677e26fcf0699b005b0
16db2f95f2d1725f05a84760ea89f27980fbf6de
a0e9744b3bfa2e49ed5dc14bc98946f6aed6c332
194fbd21e5d96e0cbcb2ff56f8fe5427d4dc511a
SHA256 hashes:
bd62c8fbc8494a6088c4693184718b51f0ec71e6656db969256a0780fcdd24f6
5e5327d2fe2a48766f34e26b43eba7eb9ccb20b1d9f7d95513b1bbc2868c3b49
dee28396d1ec3e91bad9b0cb0b945a5512a70882bffbb1f47e153b27b41977df
205901de5928b5331ccd28d7c6a0e774062d5135c455dfd284804969fea3aa0c
eb707c760b397fe6bec223eebb6828e64acdb9221d8276ef08c9aef48b84d2de
f1d6fd1e5d37a4e3d21d22f2997516725a60baaac17beb0f6f13203d7bc3aacd
87994adea8b9379d7eced6cf66ce73a943d7cd6e607257c54b36aab17957256f
db6dfb0cc55b19dd5bde2403b901557ba60610841605572685504336a2409b6a
5412de50da9edd7db3e1038f46027062f78a617818fde974b35526658ef9766b
c1bf409daeb927af6b4cd6dcb0a1e94272204945a52ae1d87ace1cd7f7ab4d6b
f0977d92e6b3a1f92ee9197852d7e29e8f8e207bce859cc5ba1b1df951e2dca7
15db396c9faa48e6d887da07764b5bf423e5c2dff0dc73341f95ba4c349677b2
e8d9a9362fb02c3123ab124e55c6860eeed3e18fbcd15236dbce2fa5a8b243a3
61a5a1ea53c1134541e6e49b72ac02dec648574d1d405428cc868563c17f34f1
9ec8df0cff7a3fe5dcdf6e53bfe864a1571e9e4dccd18ef2c11ee069a1322462
[Note: SSDEEP values are fuzzy hashes meant for similarity comparison with an ssdeep-aware tool. They are not exact-match identifiers like the MD5, SHA1 and SHA256 values.]
SSDEEP hashes:
12:o14/4wNd4FBPKzUaxdGmxwRHfISLGEAJSZNlX+cTaD397osfneuO8XrgJ4+SsRs:o14/4wN+TUUaxdrx5lJw3XG5UmO8XrgO
3072:JXHLOtxSSCO0lGVTXWuHUqQafzFmQXj8sfNdTa8jOdi:ZitcSdpXWuHUqxz9pNNAi
3072:zZ3iuSKZO/hEKLYi6+M8vUX8QIzdLv/KBUwvUPy2Z5qxIR0JrW20P/:13zKLYi6+MqUX8QOPyfPA
3072:ip4pti7O++5JvyqCdVHYe8G3hE44LAVh8YMt3/ZrvQUivJTI:cWti71+ryP3HYenxrVh8D5Qf+
768:fbsD6OqpSgSBfqExxEjJAAaBq2xyWMmGufGhiBm0xmIprN4o1HhCgo00QVN2xoM8:fS+6Bf/yAxmPufT9xrR4YBh00o8R
3072:LKC1H2uYaTc1FRE4Y8Yo5ACIYMqXj5kfeQlFwXvPgrnee8L:B1WuYMiFRMdo5HIYlFkJFyvPgrnebL
3072:lBrPAWnVzKYVqO2tCRQR1xP5R+f5/5ZaTTEVzU33NO3I2VpLRVIlqg5pnfbQJ/Pn:lBrPNnV+a8MMzajaTiYNO3BXoTcn
1536:JxKwLHbzPyV79TC90KACPXP9038BxAFOBhtgVvN:JxBLHPaBpsAuP2sIN
3072:fGxxS67FKDAt88sciNHBAiZF/zo9PtJRXriOn+8Tik8he+tvFonl4sPn:fk7FeW88jiHrnzo9PtbXriO+8TrKe+tU
3072:2KY1Ho4ahCVp0BOi76EYBlijNaKDh+qmiThwY:2KQOCv0Oi763lijYKDhMY
3072:1ghqfJRx7lF34j7GF34j7ZB6W1AEG5pzH0Dl2flUnLdKrAsrpH9Z59q:5dyqyZz16VPlULdK5pf59
3072:9OeGikq2FAlJXofgWuNw4u8s3USHZiXIWhHRCtFBsOuko+QbJmi7AXR8f:PeAlJXNNzu8sLZKPhx4buko+QbJmiSg
3072:bcPw511xrQEJV9otVi7XQ7HjVtHGiL8wg80SVgO4kvl7zrmEKKMUqS7ErcwwLV5D:Cw51vkwrotZ/miLe89JB7XmEcUeo7X6U
3072:XdCxwD2f+4HRKgVeeAJaySmTWItG1BEKMYSloROO6KYy:XdIwixHRKAAJaydaQGsxoAO6E
3072:zWT/lSC2xEKt4pLAYB5k8DtfzrOL5EF16xTSzt4jO3ED:6TmxELLAYr3BfzrOL616k9k