General
-
Target
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe
-
Size
200KB
-
Sample
201122-22q4hhjpxx
-
MD5
c2671bf5b5dedbfd3cfe3f0f944fbe01
-
SHA1
da3e830011e6f9d41dd6c93fdb48c47c1c6e35e1
-
SHA256
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2
-
SHA512
256bc8582cc9b53b3cf9307a2882117476648ab9df540d501fc5f46a4030beacab9df2019f2d83b0a63d510803cbf6cbae01dc1325588f93a1a74521a07fe4d9
Static task
static1
Behavioral task
behavioral1
Sample
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe
Resource
win10v20201028
Behavioral task
behavioral2
Sample
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe
Resource
win7v20201028
Malware Config
Extracted
C:\Users\Admin\Desktop\RecoveryManual.html
SloanAlbert@protonmail.com
http://soxbhgx23tabwh2k447b2tljcu5tktdc2elmi2ls7huzntrhknygxsqd.onion/?cid=aa0a8ea69e22c4a789b451ab4101d8502c89be06cda603cbe00577a9cc00a153
Extracted
C:\Users\Admin\Desktop\RecoveryManual.html
SloanAlbert@protonmail.com
http://soxbhgx23tabwh2k447b2tljcu5tktdc2elmi2ls7huzntrhknygxsqd.onion/?cid=aa0a8ea69e22c4a789b451ab4101d850248bb602c3a203cbe00577a9cc00a13b
Targets
-
-
Target
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe
-
Size
200KB
-
MD5
c2671bf5b5dedbfd3cfe3f0f944fbe01
-
SHA1
da3e830011e6f9d41dd6c93fdb48c47c1c6e35e1
-
SHA256
226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2
-
SHA512
256bc8582cc9b53b3cf9307a2882117476648ab9df540d501fc5f46a4030beacab9df2019f2d83b0a63d510803cbf6cbae01dc1325588f93a1a74521a07fe4d9
Score10/10-
MountLocker Ransomware
Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.
-
Modifies WinLogon to allow AutoLogon
Enables rebooting of the machine without requiring login credentials.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops desktop.ini file(s)
-
Modifies service
-