General

  • Target

    aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772

  • Size

    1.1MB

  • Sample

    200713-kdbh18l8qj

  • MD5

    13e623cdfb75d99ea7e04c6157ca8ae6

  • SHA1

    f25f0b369a355f30f5e11ac11a7f644bcfefd963

  • SHA256

    aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772

  • SHA512

    ea6b5c882a5298e527be1f3c40cc6d75c56453dd0111d7e9818c28fa7ec32feb19f17cab9a9e49eb0ab9f3a987f7dcc5cadfea7ae99a996f174b0a89e674f421

Malware Config

Targets

    • Target

      aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772

    • Size

      1.1MB

    • MD5

      13e623cdfb75d99ea7e04c6157ca8ae6

    • SHA1

      f25f0b369a355f30f5e11ac11a7f644bcfefd963

    • SHA256

      aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772

    • SHA512

      ea6b5c882a5298e527be1f3c40cc6d75c56453dd0111d7e9818c28fa7ec32feb19f17cab9a9e49eb0ab9f3a987f7dcc5cadfea7ae99a996f174b0a89e674f421

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Possible privilege escalation attempt

    • Modifies file permissions

    • Drops file in System32 directory

    • Modifies service

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Hidden Files and Directories

1
T1158

Defense Evasion

File Deletion

2
T1107

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Impact

Inhibit System Recovery

2
T1490

Tasks