Overview

overview

10

Static

static

226a723ffb...f2.exe

windows7_x64

10

226a723ffb...f2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.zip

  • Size

    68KB

  • Sample

    201122-a14ms1r5dj

  • MD5

    ef22d537796a83703a9e509e1df8e0af

  • SHA1

    818c3ce7d75f82b8b41510fd271d3b2aa8a318ad

  • SHA256

    8d6ed5c6016d0458ad1e7f089e22aa75537f768dd485ed8c09c37eac2a1a72f0

  • SHA512

    5c8edebbcc5d47f68c5f7e3930cab97386105fc1e30926e679fed41149639aaae1e65c938d2d71661b2dfd2d98871a064ff78de3640a9fd2961655bfb79c7c26

Score
10/10
mountlockerpersistenceransomware

Malware Config

Targets

    • Target

      226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe

    • Size

      200KB

    • MD5

      c2671bf5b5dedbfd3cfe3f0f944fbe01

    • SHA1

      da3e830011e6f9d41dd6c93fdb48c47c1c6e35e1

    • SHA256

      226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2

    • SHA512

      256bc8582cc9b53b3cf9307a2882117476648ab9df540d501fc5f46a4030beacab9df2019f2d83b0a63d510803cbf6cbae01dc1325588f93a1a74521a07fe4d9

    Score
    10/10
    mountlockerpersistenceransomware

    • MountLocker Ransomware

      Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.

      ransomwaremountlocker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Drops desktop.ini file(s)

    • Modifies service

      persistence
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks