Overview

overview

10

Static

static

70d06bd4e6...f3.exe

windows7_x64

10

70d06bd4e6...f3.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    70d06bd4e6a91b60bc8515e327fa1f9fb7ac82125e3c8a06359b5bb3f96e48f3.zip

  • Size

    526KB

  • Sample

    201104-abn29rhmv2

  • MD5

    5d5c78b8acd263349a954c5c5e8f247a

  • SHA1

    35f1fc9d3ac9ad806d1c60b45b4a8acc7fca79e2

  • SHA256

    bcd71b477c94eddf46abc65caa9c0c7d3e487814efe8c6aa67e7e96ed8738ba6

  • SHA512

    a54cf461f25a79b6d8adfde2095651374b12c9bf73120d891ac3642888bd9d1f0596532ad52e46265daffd72fa43776b78c3ccaa155cb904c23fcf04f13b4550

Score
10/10
lockypersistenceransomware

Malware Config

Targets

    • Target

      70d06bd4e6a91b60bc8515e327fa1f9fb7ac82125e3c8a06359b5bb3f96e48f3

    • Size

      594KB

    • MD5

      cf92bea857aea977023ad61ec6b6c980

    • SHA1

      3bd8631ef9a7cab613af223e33734e8f2a4bc0bb

    • SHA256

      70d06bd4e6a91b60bc8515e327fa1f9fb7ac82125e3c8a06359b5bb3f96e48f3

    • SHA512

      1e249b79a244d6d1877592607628efc79977a44d22f4a79b137e99f7d5e44cfd2fd235d5eaba5f6bddea5962e07455ee22fda284dec02b3be0ca1a76098dcba8

    Score
    10/10
    lockypersistenceransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Modifies service

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks