wastedlocker | e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb | Triage

Submit
Reports

Overview

overview

Static

static

wastlock_15.exe

windows7_x64

wastlock_15.exe

windows10_x64

Sharing

General

Target

wastlock_15.exe
Size

1.1MB
Sample

200831-5g6hq8r68a
MD5

f67ea8e471e827e4b7b65b65647d1d46
SHA1

e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07
SHA256

e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
SHA512

b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4

Score

10^/10

wastedlocker discovery exploit persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

wastlock_15.exe

Resource

win7

discovery exploit ransomware wastedlocker persistence

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

wastlock_15.exe

Resource

win10

ransomware persistence discovery exploit wastedlocker

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  wastlock_15.exe
- Size
  
  1.1MB
- MD5
  
  f67ea8e471e827e4b7b65b65647d1d46
- SHA1
  
  e62d3a4fe0da1b1b8e9bcff3148becd6d02bcb07
- SHA256
  
  e3bf41de3a7edf556d43b6196652aa036e48a602bb3f7c98af9dae992222a8eb
- SHA512
  
  b6b2cc29a5c5247d4a68ec7e7d0080e2f6e460eee98ece85498fe25b044beea8d3e15139bcdbaad744c6fb3e9caff7a127bd4487ba35c191a57883e2b47aecc4
Score

10^/10

discovery exploit ransomware wastedlocker persistence
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
- Modifies service
  persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Modify Registry

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

discoveryexploitransomwarewastedlockerpersistence

behavioral2

ransomwarepersistencediscoveryexploitwastedlocker

© 2018-2024

Terms | Privacy