Overview

overview

10

Static

static

9

db665f26db...b2.exe

windows7_x64

10

db665f26db...b2.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2

  • Size

    1.2MB

  • Sample

    210318-anhybp1d5e

  • MD5

    82d841869e912a772413bb37f30307b0

  • SHA1

    b75ab0170c1206c345d2fb82506e816098328ee8

  • SHA256

    db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2

  • SHA512

    48078796a9aa03e685bebd14539586c099f30c3a1e18639d4acb810dc3bbb0dc14b09066797e79c34dcd91a120b08537aadf228585e226101384ade3fe2252c6

Score
10/10
wastedlockercryptonediscoveryexploitpackerransomware

Malware Config

Targets

    • Target

      db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2

    • Size

      1.2MB

    • MD5

      82d841869e912a772413bb37f30307b0

    • SHA1

      b75ab0170c1206c345d2fb82506e816098328ee8

    • SHA256

      db665f26dbc4ca92d326f2cb98faafb9e84d404346b201cd88bec91ce4206bb2

    • SHA512

      48078796a9aa03e685bebd14539586c099f30c3a1e18639d4acb810dc3bbb0dc14b09066797e79c34dcd91a120b08537aadf228585e226101384ade3fe2252c6

    Score
    10/10
    wastedlockercryptonediscoveryexploitpackerransomware

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

      ransomwarewastedlocker

    • CryptOne packer

      Detects CryptOne packer defined in NCC blogpost.

      cryptonepacker

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Possible privilege escalation attempt

      exploit

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

      discovery

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks