Analysis

  • max time kernel
    84s
  • max time network
    9s
  • platform
    windows7_x64
  • resource
    win7v20201028
  • submitted
    22/11/2020, 00:17

General

  • Target

    226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2.exe

  • Size

    200KB

  • MD5

    c2671bf5b5dedbfd3cfe3f0f944fbe01

  • SHA1

    da3e830011e6f9d41dd6c93fdb48c47c1c6e35e1

  • SHA256

    226a723ffb4a91d9950a8b266167c5b354ab0db1dc225578494917fe53867ef2

  • SHA512

    256bc8582cc9b53b3cf9307a2882117476648ab9df540d501fc5f46a4030beacab9df2019f2d83b0a63d510803cbf6cbae01dc1325588f93a1a74521a07fe4d9

Malware Config

Signatures

  • MountLocker Ransomware

    Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.

  • Deletes shadow copies 2 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies extensions of user files 9 IoCs

    Ransomware generally changes the extension on encrypted files.

  • Deletes itself 1 IoCs
  • Drops desktop.ini file(s) 29 IoCs
  • Modifies service 2 TTPs 4 IoCs
  • Drops file in Program Files directory 9149 IoCs