Overview

overview

10

Static

static

SecuriteIn...98.exe

windows7_x64

10

SecuriteIn...98.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.FileCryptor.PSW.3725.32198

  • Size

    621KB

  • Sample

    201109-ygyawtat2a

  • MD5

    35ac4323f2ba28cc314cc9cd8be87326

  • SHA1

    23177683c38774505bbfaaeba9060659d1086d85

  • SHA256

    da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e

  • SHA512

    a0e8acd3850bbae521130dd4bc67692a4fc9b5c2a7d33c4d31666c99347603a301cd24f63c1fa5e4ac63f8e1bda6dbdf048f248ab96f2a7d1d899372846ca8e4

Score
10/10
lockypersistenceransomware

Malware Config

Targets

    • Target

      SecuriteInfo.com.FileCryptor.PSW.3725.32198

    • Size

      621KB

    • MD5

      35ac4323f2ba28cc314cc9cd8be87326

    • SHA1

      23177683c38774505bbfaaeba9060659d1086d85

    • SHA256

      da0c0089713cfd5b47f425f23c23f9a9d82e62000873747dce1a73220319f93e

    • SHA512

      a0e8acd3850bbae521130dd4bc67692a4fc9b5c2a7d33c4d31666c99347603a301cd24f63c1fa5e4ac63f8e1bda6dbdf048f248ab96f2a7d1d899372846ca8e4

    Score
    10/10
    lockypersistenceransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Modifies service

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks