db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2.bin

General

Target: db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2.bin
Size: 1MB
Sample: 210316-kx75lxvtys
Score: 10/10
MD5: 82d841869e912a772413bb37f30307b0
SHA1: b75ab0170c1206c345d2fb82506e816098328ee8
SHA256: db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2
SHA512: 48078796a9aa03e685bebd14539586c099f30c3a1e18639d4acb810dc3bbb0dc14b09066797e79c34dcd91a120b08537aadf228585e226101384ade3fe2252c6
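Before relying on this report, confirm that the file in hand is the artifact it describes. The following is an added example (not part of the report or the sandbox's tooling) that recomputes all four listed digests in one pass and compares them with the values printed above; the REPORTED values are copied from this page, and the file path on the command line is an assumption.

```python
"""Recompute the digests the report lists, in a single pass, and compare them.
Added example; REPORTED is copied from the report, the input path is assumed."""
import hashlib
import io
from typing import BinaryIO, Dict

# Digests as printed in this report for the sample.
REPORTED: Dict[str, str] = {
    "md5": "82d841869e912a772413bb37f30307b0",
    "sha1": "b75ab0170c1206c345d2fb82506e816098328ee8",
    "sha256": "db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2",
    "sha512": "48078796a9aa03e685bebd14539586c099f30c3a1e18639d4acb810dc3bbb0dc"
              "14b09066797e79c34dcd91a120b08537aadf228585e226101384ade3fe2252c6",
}


def digest_stream(stream: BinaryIO, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Feed the stream once through all four hash objects; 1MB chunks keep memory flat."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    """Wrapper for in-memory data (used for self-checks)."""
    return digest_stream(io.BytesIO(data))


def compare(actual: Dict[str, str], expected: Dict[str, str]) -> Dict[str, bool]:
    """Per-algorithm match result; hex digests are compared case-insensitively."""
    return {name: actual[name].lower() == expected[name].lower() for name in expected}


def verify_file(path: str, expected: Dict[str, str] = REPORTED) -> bool:
    """True only when every reported digest matches.  Mismatches are printed per
    algorithm so a partial match (a wrong MD5 in a ticket, say) is visible."""
    with open(path, "rb") as f:
        result = compare(digest_stream(f), expected)
    for name, ok in result.items():
        if not ok:
            print(f"{name}: MISMATCH")
    return all(result.values())


if __name__ == "__main__":
    import sys
    # Usage: python verify_sample.py <path-to-sample>   (path is an assumption)
    print("match" if verify_file(sys.argv[1]) else "no match")
```

A mismatch on any one algorithm means the file is not the one this report analysed; do not treat an MD5 or SHA1 match alone as sufficient, since the SHA256 is the identifier the sample is indexed under.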

Targets

Target: db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2.bin (1MB, score 10/10; digests as listed under General)
Signatures

  • WastedLocker
    Ransomware family seen in the wild since May 2020.

  • CryptOne packer
    Detects the CryptOne packer described in the NCC Group blog post.

  • Deletes shadow copies
    Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion, Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions
    TTPs: File Permissions Modification

  • Drops file in System32 directory
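The signatures above are behaviour classes, and each can be re-derived from process and file events on an endpoint. The following is an added example, not the sandbox's own rules, that implements those classes over a constructed Sysmon-style event trace: the command-line shapes for shadow-copy deletion and permission changes, the System32 and user-profile paths, the 3-file rename threshold and every path in the trace are assumptions, and the ".locked" extension is a placeholder rather than this family's real one. "Possible privilege escalation attempt" is not modelled because the report gives no description for it.

```python
"""Heuristic re-implementation of the sandbox signature classes above, run over a
constructed event trace.  Added example; thresholds, patterns and paths are assumed."""
import re
from collections import defaultdict
from dataclasses import dataclass
from pathlib import PureWindowsPath


@dataclass(frozen=True)
class Event:
    """One event. kind is 'process', 'create', 'load', 'rename' or 'delete'."""
    kind: str
    pid: int
    image: str = ""      # process image path (process events)
    cmdline: str = ""    # command line (process events)
    path: str = ""       # file path (file events)
    new_path: str = ""   # destination path (rename events)


# Command-line shapes for "Deletes shadow copies" (well-known LOLBin forms; assumed list).
SHADOW_DELETE = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\s+shadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\s+delete\b", re.I),
]
# Command-line shape for "Modifies file permissions".
PERMISSION_MOD = re.compile(r"\b(icacls|cacls|takeown)(\.exe)?\b", re.I)
SYSTEM32 = PureWindowsPath(r"C:\Windows\System32")
USER_ROOT = PureWindowsPath(r"C:\Users")
RENAME_THRESHOLD = 3  # assumed: distinct user files re-extensioned by one process


def _under(path: str, root: PureWindowsPath) -> bool:
    """Case-insensitive 'path is inside root' test on path components."""
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    root_parts = [p.lower() for p in root.parts]
    return parts[: len(root_parts)] == root_parts


def analyze(events) -> dict:
    """Return {signature name: [evidence, ...]} for every class that fired."""
    hits = defaultdict(list)
    images = {}                 # pid -> image path (lowercased)
    dropped = set()             # files created during the run (lowercased)
    renames = defaultdict(set)  # pid -> user files given a new extension
    for ev in events:
        if ev.kind == "process":
            images[ev.pid] = ev.image.lower()
            if ev.image.lower() in dropped:
                hits["Executes dropped EXE"].append(ev.image)
            if any(rx.search(ev.cmdline) for rx in SHADOW_DELETE):
                hits["Deletes shadow copies"].append(ev.cmdline)
            if PERMISSION_MOD.search(ev.cmdline):
                hits["Modifies file permissions"].append(ev.cmdline)
        elif ev.kind == "create":
            dropped.add(ev.path.lower())
            if _under(ev.path, SYSTEM32):
                hits["Drops file in System32 directory"].append(ev.path)
        elif ev.kind == "load" and ev.path.lower() in dropped:
            hits["Loads dropped DLL"].append(ev.path)
        elif ev.kind == "rename":
            old, new = PureWindowsPath(ev.path), PureWindowsPath(ev.new_path)
            if _under(ev.path, USER_ROOT) and old.suffix.lower() != new.suffix.lower():
                renames[ev.pid].add(ev.path.lower())
        elif ev.kind == "delete" and ev.path.lower() in images.values():
            # The deleted file is the image of a process we saw: self-deletion.
            hits["Deletes itself"].append(ev.path)
    for pid, files in renames.items():
        if len(files) >= RENAME_THRESHOLD:
            hits["Modifies extensions of user files"].append(f"pid {pid}: {len(files)} files")
    return dict(hits)


# Constructed trace (not from the real sample) exercising each modelled class once.
SAMPLE = r"C:\Users\victim\AppData\Local\Temp\sample.exe"
DLL = r"C:\Windows\System32\helper.dll"
STAGE2 = r"C:\Users\victim\AppData\Local\Temp\stage2.exe"
DOCS = r"C:\Users\victim\Documents"
EVENTS = [
    Event("process", 100, image=SAMPLE, cmdline=f'"{SAMPLE}"'),
    Event("create", 100, path=DLL),
    Event("load", 100, path=DLL),
    Event("create", 100, path=STAGE2),
    Event("process", 104, image=STAGE2, cmdline=f'"{STAGE2}"'),
    Event("process", 101, image=r"C:\Windows\System32\vssadmin.exe",
          cmdline="vssadmin.exe Delete Shadows /All /Quiet"),
    Event("process", 102, image=r"C:\Windows\System32\icacls.exe",
          cmdline=f'icacls "{DLL}" /grant Everyone:F'),
    Event("rename", 100, path=f"{DOCS}\\q1.docx", new_path=f"{DOCS}\\q1.docx.locked"),
    Event("rename", 100, path=f"{DOCS}\\q2.xlsx", new_path=f"{DOCS}\\q2.xlsx.locked"),
    Event("rename", 100, path=f"{DOCS}\\q3.pdf", new_path=f"{DOCS}\\q3.pdf.locked"),
    Event("rename", 200, path=f"{DOCS}\\a.jpg", new_path=f"{DOCS}\\b.jpg"),  # benign rename
    Event("process", 103, image=r"C:\Windows\System32\cmd.exe",
          cmdline=f'cmd.exe /c del "{SAMPLE}"'),
    Event("delete", 103, path=SAMPLE),
]
BENIGN = [Event("process", 300, image=r"C:\Windows\System32\notepad.exe", cmdline="notepad.exe"),
          Event("rename", 300, path=f"{DOCS}\\notes.txt", new_path=f"{DOCS}\\notes-old.txt")]

if __name__ == "__main__":
    for name, evidence in analyze(EVENTS).items():
        print(f"{name}: {evidence}")
```

The rename threshold is what keeps a single user renaming one file from scoring as ransomware; in practice it is the combination (shadow-copy deletion, mass re-extensioning and self-deletion in one process tree) that justifies a 10/10 score, not any single class.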

MITRE ATT&CK Matrix

Tactic columns shown in the report: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation. The techniques named by the signatures above map to Defense Evasion (File Deletion, File Permissions Modification) and Impact (Inhibit System Recovery) in ATT&CK.