locky | da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...98.exe

windows7_x64

SecuriteIn...98.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.FileCryptor.PSW.3725.32198
Size

621KB
Sample

201109-ygyawtat2a
MD5

35ac4323f2ba28cc314cc9cd8be87326
SHA1

23177683c38774505bbfaaeba9060659d1086d85
SHA256

da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e
SHA512

a0e8acd3850bbae521130dd4bc67692a4fc9b5c2a7d33c4d31666c99347603a301cd24f63c1fa5e4ac63f8e1bda6dbdf048f248ab96f2a7d1d899372846ca8e4

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.FileCryptor.PSW.3725.32198.exe

Resource

win7v20201028

locky persistence ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.FileCryptor.PSW.3725.32198.exe

Resource

win10v20201028

locky persistence ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  SecuriteInfo.com.FileCryptor.PSW.3725.32198
- Size
  
  621KB
- MD5
  
  35ac4323f2ba28cc314cc9cd8be87326
- SHA1
  
  23177683c38774505bbfaaeba9060659d1086d85
- SHA256
  
  da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e
- SHA512
  
  a0e8acd3850bbae521130dd4bc67692a4fc9b5c2a7d33c4d31666c99347603a301cd24f63c1fa5e4ac63f8e1bda6dbdf048f248ab96f2a7d1d899372846ca8e4
Score

10^/10

locky persistence ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Modifies service
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Defacement

Tasks

static1

behavioral1

lockypersistenceransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy