← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
IOC - Inside Shanya, a packer-as-a-service fueling modern attacks
We have covered packer-as-a-service offerings from the computer underworld in the past, previously dissecting impersonation campaigns and the rise of HeartCrypt, both popular among ransomware groups. However, it is a fast-changing landscape, and now we are watching a new incarnation of the same type of service: the Shanya crypter — already favored by ransomware groups and taking over (to some degree) the role that HeartCrypt has played in the ransomware toolkit. We’ll look at its apparent origins, unpack the code, and examine a targeted infection leveraging this tool. Sophos protections against this specific packer are covered at the end of the article.
Indicators of Compromise (26)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| FileHash-MD5 | 247890c8e1787f3836a9085244b70e83 | MD5 of 6645297a0a423564f99b9f474b0df234d6613d04df48a94cb67f541b8eb829d1 | 2025-12-09 | |
| FileHash-MD5 | 29236d33201697a40042b3325414c593 | MD5 of 59906b022adfc6f63903adbdbb64c82881e0b1664d6b7f7ee42319019fcb3d7e | 2025-12-09 | |
| FileHash-MD5 | 34fe39190f861681e61a46fe8162d3bc | MD5 of 087216ee05746cc264752b0623dc6a1e32cddc0ca088832672e6dd356d394393 | 2025-12-09 | |
| FileHash-MD5 | 54de95cc33834a2f877ba4842860af27 | MD5 of 95a6f6e79c1842cea3603df3209fddc12aeb4fc77d1c58a852f877b1eaa9c4c9 | 2025-12-09 | |
| FileHash-MD5 | b1a5c56edf70f327d7c7dbff3d861a94 | MD5 of 2bfb560c7b34a2b4c30db711900d6e56d86f754f4fbeebe551b8c67bc30a2b36 | 2025-12-09 | |
| FileHash-SHA1 | 127b50c8185986a52ae66bf6e7e67a6fd787c4fc | SHA1 of 95a6f6e79c1842cea3603df3209fddc12aeb4fc77d1c58a852f877b1eaa9c4c9 | 2025-12-09 | |
| FileHash-SHA1 | 241dd3ffbafb0d15876504710fcaaa807d2c03c8 | SHA1 of 59906b022adfc6f63903adbdbb64c82881e0b1664d6b7f7ee42319019fcb3d7e | 2025-12-09 | |
| FileHash-SHA1 | aebd71337ad1e95c38eb7a07beb498e1c7d6e8bf | SHA1 of 2bfb560c7b34a2b4c30db711900d6e56d86f754f4fbeebe551b8c67bc30a2b36 | 2025-12-09 | |
| FileHash-SHA1 | cb6d7a35e917322401558aed727289423f384876 | SHA1 of 087216ee05746cc264752b0623dc6a1e32cddc0ca088832672e6dd356d394393 | 2025-12-09 | |
| FileHash-SHA1 | df86c01f54636d72e18044f99a9694c82a819946 | SHA1 of 6645297a0a423564f99b9f474b0df234d6613d04df48a94cb67f541b8eb829d1 | 2025-12-09 | |
| FileHash-SHA256 | 087216ee05746cc264752b0623dc6a1e32cddc0ca088832672e6dd356d394393 | — | 2025-12-09 | |
| FileHash-SHA256 | 2647c28b0967b7923d7c857fa1bdc7687d8f816f9dc4906c6a6f66f687a6419a | — | 2025-12-09 | |
| FileHash-SHA256 | 2bfb560c7b34a2b4c30db711900d6e56d86f754f4fbeebe551b8c67bc30a2b36 | — | 2025-12-09 | |
| FileHash-SHA256 | 59906b022adfc6f63903adbdbb64c82881e0b1664d6b7f7ee42319019fcb3d7e | — | 2025-12-09 | |
| FileHash-SHA256 | 5b7b280b53ff3cf95ead4fd4a435cd28294c5fce6a924ec52e500a109deb868b | — | 2025-12-09 | |
| FileHash-SHA256 | 605f9e0e1cd48d21280bfaa8101a621bdf27a87286370b8d2b34e9c0b974fbde | — | 2025-12-09 | |
| FileHash-SHA256 | 65de909d70e361d611d00a944ea094c385467777ffc053c96aafa04c795fdc90 | — | 2025-12-09 | |
| FileHash-SHA256 | 6645297a0a423564f99b9f474b0df234d6613d04df48a94cb67f541b8eb829d1 | — | 2025-12-09 | |
| FileHash-SHA256 | 95a6f6e79c1842cea3603df3209fddc12aeb4fc77d1c58a852f877b1eaa9c4c9 | — | 2025-12-09 | |
| FileHash-SHA256 | 9b4c960df76257b56a2f52cd2c938b76ec64f46cc86f6112db349f9aa02bb323 | — | 2025-12-09 | |
| FileHash-SHA256 | 9fc1fd3d5e303cd20f75d2df4500c22627ad7125cca5ea5e9f7d76362d155823 | — | 2025-12-09 | |
| FileHash-SHA256 | aad15de62b4196390c062e831d69365e44af23ca56d4778bd5bc086720fc2912 | — | 2025-12-09 | |
| FileHash-SHA256 | b33570f16763f9b5d0f265baf0b565238d7b8f522d37340c890d059d9f9ff4dd | — | 2025-12-09 | |
| FileHash-SHA256 | f548fb03a3834db7db437db837e0d23785e16a875199a1d7250a3c91390d934c | — | 2025-12-09 | |
| URL | http://biklkfd.com/upd | — | 2025-12-09 | |
| domain | biklkfd.com | — | 2025-12-09 |