General

  • Target

    Interfaces.bin

  • Size

    1MB

  • Sample

    200726-jgqm86w26x

  • MD5

    2cc4534b0dd0e1c8d5b89644274a10c1

  • SHA1

    735ee2c15c0b7172f65d39f0fd33b9186ee69653

  • SHA256

    905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a

  • SHA512

    a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8

Malware Config

Targets

    • Target

      Interfaces.bin

    • Size

      1MB

    • MD5

      2cc4534b0dd0e1c8d5b89644274a10c1

    • SHA1

      735ee2c15c0b7172f65d39f0fd33b9186ee69653

    • SHA256

      905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a

    • SHA512

      a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Possible privilege escalation attempt

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

    • Modifies service

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Modify Existing Service

1
T1031

Hidden Files and Directories

1
T1158

Defense Evasion

File Deletion

2
T1107

File Permissions Modification

1
T1222

Modify Registry

1
T1112

Hidden Files and Directories

1
T1158

Impact

Inhibit System Recovery

2
T1490

Tasks