Resubmissions

  • 21-04-2021 05:57  210421-6629fr1gja  (score 10)
  • 20-04-2021 23:42  210420-mt2kpcnwbx  (score 10)
  • 20-04-2021 23:39  210420-4kmcwg1k3a  (score 10)

General

  • Target

    43064ebb9fccce989e8a8ebe2e8ee5df154b55f7b94d933e0cf7dba6ac765f00.exe

  • Size

    4.5MB

  • Sample

    210421-6629fr1gja

  • MD5

    787d10a041bd8d2654b6f14467f123d7

  • SHA1

    0dc98264957990391bd375a3e9ce9f0e047c1075

  • SHA256

    43064ebb9fccce989e8a8ebe2e8ee5df154b55f7b94d933e0cf7dba6ac765f00

  • SHA512

    dbb450db73b030531b57fb5809b22b60730e13445ff02a032be5abb3668285122564cc1792fc3f44520a434b48656de7a22e931cc35d762a0704078f7021686f

Score
10/10

Malware Config

Targets

    • Target

      43064ebb9fccce989e8a8ebe2e8ee5df154b55f7b94d933e0cf7dba6ac765f00.exe (4.5MB; MD5, SHA1, SHA256 and SHA512 as listed under General above)

    Score
    10/10
    • MountLocker Ransomware

      Ransomware family first seen in late 2020 that threatens to leak stolen files if the ransom is not paid.

    • Deletes shadow copies

      Ransomware often deletes Volume Shadow Copies and other backups to inhibit system recovery (ATT&CK T1490), so that encrypted files cannot be restored without paying.

    • Executes dropped EXE

    • Drops desktop.ini file(s)
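A detection for the "Deletes shadow copies" behaviour above (the Impact / Inhibit System Recovery, T1490, row of the matrix), as an added example that is not output of the sandbox and not code from the MountLocker sample. The report only states that the sample deletes shadow copies and does not show which command it used, so the rules cover the built-in Windows commands commonly abused for this technique, and the process-creation events at the bottom are constructed for the example (JSON lines with pid, image and cmd keys are an assumed log format, not the sandbox's).

```python
"""Flag process command lines that inhibit system recovery (ATT&CK T1490).

Added example; not sandbox output and not code from the analysed sample.
The rules cover commonly abused built-in commands; the JSON-lines events
at the bottom are constructed for the example.
"""
import json
import re
from dataclasses import dataclass

# (rule name, regex applied to the lower-cased command line). Order matters
# only for which name a line gets when several rules could match it.
T1490_RULES = [
    ("vssadmin delete shadows",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b")),
    ("vssadmin resize shadowstorage",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bresize\b.*\bshadowstorage\b")),
    ("wmic shadowcopy delete",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b")),
    ("wbadmin delete catalog",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\b(catalog|systemstatebackup)\b")),
    ("bcdedit disable recovery",
     re.compile(r"\bbcdedit(\.exe)?\b.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)")),
    ("Win32_ShadowCopy delete via WMI",
     re.compile(r"win32_shadowcopy.*\bdelete\b")),
]


@dataclass
class Hit:
    pid: int
    image: str
    rule: str
    cmdline: str


def classify(cmdline: str):
    """Return the name of the first T1490 rule matching cmdline, else None."""
    low = cmdline.lower()
    for name, rx in T1490_RULES:
        if rx.search(low):
            return name
    return None


def scan(jsonl_text: str):
    """Scan JSON-lines process-creation events (assumed keys: pid, image, cmd)."""
    hits = []
    for line in jsonl_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        rule = classify(ev.get("cmd", ""))
        if rule is not None:
            hits.append(Hit(ev["pid"], ev["image"], rule, ev["cmd"]))
    return hits


# Constructed events (not from the report): recovery-inhibiting commands mixed
# with benign look-alikes (notepad, and "vssadmin list shadows" which only reads).
SAMPLE_EVENTS = r"""
{"pid": 1234, "image": "C:\\Windows\\System32\\vssadmin.exe", "cmd": "vssadmin.exe Delete Shadows /All /Quiet"}
{"pid": 1240, "image": "C:\\Windows\\System32\\wbem\\WMIC.exe", "cmd": "wmic shadowcopy delete"}
{"pid": 1250, "image": "C:\\Windows\\System32\\notepad.exe", "cmd": "notepad.exe C:\\Users\\victim\\notes.txt"}
{"pid": 1260, "image": "C:\\Windows\\System32\\vssadmin.exe", "cmd": "vssadmin list shadows"}
{"pid": 1270, "image": "C:\\Windows\\System32\\bcdedit.exe", "cmd": "bcdedit /set {default} recoveryenabled No"}
{"pid": 1280, "image": "C:\\Windows\\System32\\wbadmin.exe", "cmd": "wbadmin delete catalog -quiet"}
{"pid": 1290, "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "cmd": "powershell -c \"Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_.Delete() }\""}
"""

if __name__ == "__main__":
    for h in scan(SAMPLE_EVENTS):
        print(f"T1490 {h.rule!r} pid={h.pid} image={h.image} cmd={h.cmdline}")
```

The rules match on the command line rather than the image path because the same binaries are used legitimately (backup jobs, "vssadmin list shadows"); in production, pair a hit with the parent process and the burst of file renames or writes that a ransomware run produces, since a single vssadmin deletion from an admin's console is not by itself malicious.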

MITRE ATT&CK Matrix (ATT&CK v6)

Technique (ATT&CK ID): number of matching behaviours

Persistence

  • Hidden Files and Directories (T1158): 1

Defense Evasion

  • File Deletion (T1107): 2
  • Modify Registry (T1112): 1
  • Hidden Files and Directories (T1158): 1

Impact

  • Inhibit System Recovery (T1490): 2

Tasks