wastedlocker | aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772 | Triage

Sharing

General

Target

aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
Size

1.1MB
Sample

200713-kdbh18l8qj
MD5

13e623cdfb75d99ea7e04c6157ca8ae6
SHA1

f25f0b369a355f30f5e11ac11a7f644bcfefd963
SHA256

aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
SHA512

ea6b5c882a5298e527be1f3c40cc6d75c56453dd0111d7e9818c28fa7ec32feb19f17cab9a9e49eb0ab9f3a987f7dcc5cadfea7ae99a996f174b0a89e674f421

Score

10^/10

wastedlocker discovery exploit persistence ransomware

Malware Config

Targets

- Target
  
  aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
- Size
  
  1.1MB
- MD5
  
  13e623cdfb75d99ea7e04c6157ca8ae6
- SHA1
  
  f25f0b369a355f30f5e11ac11a7f644bcfefd963
- SHA256
  
  aa05e7a187ddec2e11fc1c9eafe61408d085b0ab6cd12caeaf531c9dca129772
- SHA512
  
  ea6b5c882a5298e527be1f3c40cc6d75c56453dd0111d7e9818c28fa7ec32feb19f17cab9a9e49eb0ab9f3a987f7dcc5cadfea7ae99a996f174b0a89e674f421
Score

10^/10

ransomware discovery exploit persistence wastedlocker
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Possible privilege escalation attempt
  exploit
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

File and Directory Permissions Modification

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

ransomwarediscoveryexploitpersistencewastedlocker