wastedlocker | ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518 | Triage

Submit
Reports

Overview

overview

Static

static

9

ef6b588a8b...18.exe

windows7_x64

ef6b588a8b...18.exe

windows10_x64

Sharing

General

Target

ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518.exe
Size

113KB
Sample

210504-pcbjbfxd4n
MD5

0332ce73221dc1b6d26b5f5fa0f06318
SHA1

872e61c0a08c9dea4388d5c897b3d7ed3e8c13b7
SHA256

ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518
SHA512

71482a7798e70ab8176d88e3bfaec0c823118aa19c21b7afdb69f5fd031a91fef4e3d04a05c0ac0752df5904be32e6a9895448f62ee23b015f5e563c29385702

Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518.exe

Resource

win7v20210408

wastedlocker cryptone discovery exploit packer ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518.exe

Resource

win10v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518.exe
- Size
  
  113KB
- MD5
  
  0332ce73221dc1b6d26b5f5fa0f06318
- SHA1
  
  872e61c0a08c9dea4388d5c897b3d7ed3e8c13b7
- SHA256
  
  ef6b588a8b3d3ca409eb2ac15b38bfedcaf9f6bcede91e38b15ae6ba2ef9e518
- SHA512
  
  71482a7798e70ab8176d88e3bfaec0c823118aa19c21b7afdb69f5fd031a91fef4e3d04a05c0ac0752df5904be32e6a9895448f62ee23b015f5e563c29385702
Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File and Directory Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

wastedlockercryptonediscoveryexploitpackerransomware

behavioral2

wastedlockercryptonediscoveryexploitpackerransomware

© 2018-2025

Terms | Privacy