wastedlocker

General

Target

e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
Size

1.1MB
Sample

200630-cpx65y1s8j
MD5

f67ea8e471e827e4b7b65b65647d1d46
SHA1

e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07
SHA256

e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
SHA512

b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\Desktop\ExpandRegister.xlt.eswasted_info.txt

Family

wastedlocker

Ransom Note

ENERGYSOLUTIONS YOUR NETWORK IS ENCRYPTED NOW USE [email protected] | [email protected] TO GET THE PRICE FOR YOUR DATA DO NOT GIVE THIS EMAIL TO 3RD PARTIES DO NOT RENAME OR MOVE THE FILE THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY: [begin_key]pa89x+Qk8czXwYsq+77NJ+kmi8+JPLuP0ZvaEl9PBJNGPGWHEn/WeIgSu1lXs7/f OJ3j2aNYwhPFuZvavVHUbM5wPI8NoAfzkuLbIAQJMhkRfr+Ph+7S/0e6/8QmlQL2 QvmiD1wExkLM5Y+zF3wp/X8NtVRQ2DyiikWySHYjew7CKf48NgjHnCmF/UcL28S/ 2pXGFoXlbamsqZS6HzuY3mt+Bcl8A/1lnPoHkAimwB53PUSdL1zC1zd5BQjEm6uU MXD/wLgZrERAw6yw5dX3Aoz8+BKNvGSKnxOjWJSdz4+nitca/c6Yj5VNaSDgAA6D vSMxw8X7fHv8eK3yRiVcucvygqIooFyAjcuUo3bVE3IogsPvqT2DFLym7JzwSvol 7FnQpnJQl9dk1BuVytju4dBKwHStSzncK6BRtAKfFL4sUCAG8lpzudFQ4IIbNKvE 8ZnNA3YCqilpjOGWxgwCLMwsMC+FEcUk3C5Ngm7UouND52aMy2B2uurU89oydUOh f6rIvVNfBNJQDM5fn4bR9NsJEk2KKKFzIU8zyXiGD9hLN9nUP78WawgfzjoB2iLc ZeNPisyTchYKXiI6X9Hmi1jg2GZ1k36fwfnHygFkN5rseeMTtEboXE7MGfX9iTJV 4LDcrCmIvvJsGD2Y76YX9m2v1L5MCsjFWdTmuhZ+1Od=[end_key] KEEP IT

Emails

[email protected]

Extracted

Path

C:\Users\Admin\Desktop\EnterPush.mpg.eswasted_info.txt

Family

wastedlocker

Ransom Note

ENERGYSOLUTIONS YOUR NETWORK IS ENCRYPTED NOW USE [email protected] | [email protected] TO GET THE PRICE FOR YOUR DATA DO NOT GIVE THIS EMAIL TO 3RD PARTIES DO NOT RENAME OR MOVE THE FILE THE FILE IS ENCRYPTED WITH THE FOLLOWING KEY: [begin_key]Dcp3nv6ZsPAdUdrPKGlRjfu+X1FwH71NEi+yJcmwIv4BIy6NoV65O6wYD6bHg9ca 3dBgnb5q5+9hn5lLSSiub9n2BCYZQfrYeXO8jjs2QIStz78Ty9iCsKRPl0JapnmW /xfLxVZJWew1Glqvt1C10+i68G5HG3ooCoIWyjx2P0ksre/6852ZfmYGMupGbbbi Y8gEUl8uBlDgnEgfpn6sz1PUs8IP0Duf7TCmzmlsFBATKJfTWwQmvOSaY25w835D tXE4HWvPJGSp2UjI8DUQY/lopf3S+fuedyvBTpwJVDOtsS2G58fSQ70fzjigMXqO /yYxwjzNsL8UkiNJm4ymd/bjKKLAeiCFRFp+LUsL9vz/OtF5EneMwjNyWCV6sSqm Vw4MDVq/EPvBNH45TrasKqE+xMD1I8HpzKYeIOkTrpGdBTe5x5dqMWd6pEDbZAf/ EAfQ8bDWdldfu/ViosTZeg80lEw/0Z8B25UpABApQi7PPICPNoiAoA/D1SJZQuh0 mIGbrjNAXwDmpQPlaLZwnLaRZGGBGoDCtSq5sSZj5OjKLDTwX21nQgDmBLfiRaiq dSxVBSJdJA4ReLjxFfLBVx8Hb45zaLVXnp/0W9rvJeoG+LGY4xjPjnqiKWJO6z/i iKZEtM46A4No+S25XKJR6WPyThOZVw0LZGhypYxtGHd=[end_key] KEEP IT

Emails

[email protected]

Targets

- Target
  
  e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
- Size
  
  1.1MB
- MD5
  
  f67ea8e471e827e4b7b65b65647d1d46
- SHA1
  
  e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07
- SHA256
  
  e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
- SHA512
  
  b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4
Score

10^/10

ransomware persistence discovery exploit wastedlocker
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2