General
-
Target
6d35b01dbe014c6efc18d587c2be5e12617e1681cc670ba5c49fe7ead9de780e.bin
-
Size
60KB
-
Sample
201103-eq7marrnz2
-
MD5
9b5f5e7d14bd7d73b5adda12d4015ef4
-
SHA1
a41daf00a0193a8d8583801f8cb20405d9678296
-
SHA256
6d35b01dbe014c6efc18d587c2be5e12617e1681cc670ba5c49fe7ead9de780e
-
SHA512
83042c7a33d27edd86e1d9303fb587c1456017d2a87ab82bba80a9360569432197ecc599b2b810d0f71c91d6f3116e390ea6244fc0630a972a50da8f825e18de
Malware Config
Targets
-
-
Target
6d35b01dbe014c6efc18d587c2be5e12617e1681cc670ba5c49fe7ead9de780e.bin
-
Size
60KB
-
MD5
9b5f5e7d14bd7d73b5adda12d4015ef4
-
SHA1
a41daf00a0193a8d8583801f8cb20405d9678296
-
SHA256
6d35b01dbe014c6efc18d587c2be5e12617e1681cc670ba5c49fe7ead9de780e
-
SHA512
83042c7a33d27edd86e1d9303fb587c1456017d2a87ab82bba80a9360569432197ecc599b2b810d0f71c91d6f3116e390ea6244fc0630a972a50da8f825e18de
Score10/10-
WastedLocker
Ransomware family seen in the wild since May 2020.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Possible privilege escalation attempt
-
Deletes itself
-
Loads dropped DLL
-
Modifies file permissions
-
Drops file in System32 directory
-
Modifies service
-