Annabelle Ransomware Sample and Analysis

The developer of this ransomware used the Annabelle doll from the American horror film franchise of the same name. The ransomware encrypts user data and then demands a ransom of 0.1 BTC to restore the files. After a file is encrypted, the .ANNABELLE extension is appended to it. This ransomware was found during the second half of February 2018. A VirusTotal report is available for this sample. The ransom note is displayed as a lock screen.

Annabelle Ransomware Sandbox Run

Annabelle Ransomware Hash

MD5: 0f743287c9911b4b1c726c7c7edcaf7d
SHA1: 9760579e73095455fcbaddfe1e7e98a2bb28bfe0
SHA256: 716335ba5cd1e7186c40295b199190e2b6655e48f1c1cbe12139ba67faa5e1ac
SSDEEP: 393216:UMwm0qBknxdEX+LbMUgoSZmWSmh4aaRN22ChHCMNku1y:UMcKX+Lbjgd7W1RNVC9ku1

Download Annabelle Ransomware Sample

Download Annabelle Malware Sample
The password of the zip is: infected

Download Annabelle Ransomware PCAP

Download Annabelle Malware PCAP