General

  • Target

    8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285.zip

  • Size

    530KB

  • Sample

    201105-8lgwryt8mj

  • MD5

    346819af694216773e1f6e3fbf1db1f5

  • SHA1

    db019e217617d7b85fb39d98b49e5f25ee80cba2

  • SHA256

    87f7c04e91789574ed974c8374f57d55e0de18cf328cce1bba942431de1b50d7

  • SHA512

    a101386d1064f68fbfa67a4caf4104e7c93c3dc0a5453fdeb2bd9cd8432c8529b3fa224a8363f109fb3ba7ad1b11ed217cbb4bd407e7b12b692b628553972f24

Malware Config

Targets

    • Target

      8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285

    • Size

      617KB

    • MD5

      d14bc9efe80aeb7d172cbb590f80eba7

    • SHA1

      9d6ea38d9a33446488e3a53ca35669f7ded2b747

    • SHA256

      8514a2eca4090f400a43c4af915eb3ef6e9c15dabe69716189e7c68c72cfa285

    • SHA512

      cb22f3c7d3f35cc4d149d88caf128229c396123997b52c2dfb70203cbb671f967c20bb1615ec84227d1207d50cacd32daf1360f076d42c50b113949074192b58

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Sets desktop wallpaper using registry

MITRE ATT&CK Enterprise v6

Tasks