Overview

overview

10

Static

static

8a58444a95...b0.exe

windows7_x64

10

8a58444a95...b0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8a58444a95e38acdb229aa1fcbfe207e685d1fb095b4915b7e85ea37a940bab0.zip

  • Size

    525KB

  • Sample

    201105-71qe5lnd6e

  • MD5

    4e6797b216495982ce8e2b110be1969f

  • SHA1

    93a43ad7b98a6fd202a41842c833e16a1aa32a94

  • SHA256

    510d5d1378a5f425b3b4f1beb4064b0efc13b79401fd424a47712ff17b1ec8db

  • SHA512

    30a0916af890e08bf0deae38ef3ca301e3392fb690940d626f989803b1c8d7a6f60f05dc81f7972029b93dcd9cc929604b2873caffe6c7d40aafb9e4cf12d775

Score
10/10
lockypersistenceransomware

Malware Config

Targets

    • Target

      8a58444a95e38acdb229aa1fcbfe207e685d1fb095b4915b7e85ea37a940bab0

    • Size

      576KB

    • MD5

      f62e0d79f8f442903fd5f4f5e9bc47ee

    • SHA1

      1f735d691e92301fe06447028f92949bf385301b

    • SHA256

      8a58444a95e38acdb229aa1fcbfe207e685d1fb095b4915b7e85ea37a940bab0

    • SHA512

      fb4dd2e38e8156b92757d48eabd037a505c96308eb924d5e44e3f84eef8922d4458c1badc269fa35e18da23c5886bb5fe89f30dc4559155d7da578a7e97a4a8d

    Score
    10/10
    lockypersistenceransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Modifies service

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks