Overview

overview

10

Static

static

e7c277aae6...37.exe

windows7_x64

10

e7c277aae6...37.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.zip

  • Size

    186KB

  • Sample

    201122-8zgjp3syg6

  • MD5

    843fe43bb50591d0a4f20134d97d53b8

  • SHA1

    4a6f1b7bd9fd2bd698d40477e5e9d795f3c44eba

  • SHA256

    a3c747562b6543619da8d98a23a946888e797256a77d97fec5c961366465175b

  • SHA512

    6205b2b64037cbfa5d56d7b1d1249f990778da67534d88404a14c2206ba7fb18c67bf9fddb3a2e1236d2380a54c0628a79197600554bf43d32b85eceb5d3c6fb

Score
10/10
mountlockerpersistenceransomware

Malware Config

Targets

    • Target

      e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037.exe

    • Size

      532KB

    • MD5

      76f547c793b5478b970c64caf04d01d4

    • SHA1

      f9eb40f6d3d4c83852e3781886db762bef8564e0

    • SHA256

      e7c277aae66085f1e0c4789fe51cac50e3ea86d79c8a242ffc066ed0b0548037

    • SHA512

      91e91a8b693cb253f281411260611a221a113b342eaa642a9d6597aaf86c138ee2aa28ade10218a814ae34016e6d70824e36786497476ab704defddf60e33e17

    Score
    10/10
    mountlockerpersistenceransomware

    • MountLocker Ransomware

      Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.

      ransomwaremountlocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Drops desktop.ini file(s)

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks