locky | c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...67.exe

windows7_x64

SecuriteIn...67.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.FileCryptor.PTG.13500.21467
Size

625KB
Sample

201109-186xrefec6
MD5

1934bc240ae9e8e101490a9dab13c079
SHA1

a0218048aaca34259d0651d911b81f9f12a30326
SHA256

c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3
SHA512

c7f3c47a2be2be14387f762164db8b4d097cddd1f72efa0e81e59379b1e44cb7f71b56c05920ecbadc6662c58d9bb84d2c8dd4ffae9ecbae67bf0d8978a8a5d5

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.FileCryptor.PTG.13500.21467.exe

Resource

win7v20201028

locky persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.FileCryptor.PTG.13500.21467.exe

Resource

win10v20201028

locky persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.FileCryptor.PTG.13500.21467
- Size
  
  625KB
- MD5
  
  1934bc240ae9e8e101490a9dab13c079
- SHA1
  
  a0218048aaca34259d0651d911b81f9f12a30326
- SHA256
  
  c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3
- SHA512
  
  c7f3c47a2be2be14387f762164db8b4d097cddd1f72efa0e81e59379b1e44cb7f71b56c05920ecbadc6662c58d9bb84d2c8dd4ffae9ecbae67bf0d8978a8a5d5
Score

10^/10

locky persistence ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

lockypersistenceransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy