General
Target: 03abedd5_by_Libranalysis
Size: 7.5MB
Sample: 210507-4fehx6njtj
MD5: 03abedd54bae86de91c0514b216e4c82
SHA1: ec656486b06e821a10a28e252ede610c45ebbd4c
SHA256: 1059e8879dc495dd2239beba0b3533165ffebcab8dd5d194f32cbfa4c200752d
SHA512: eae1052b94a0f1c89f6e4a4ccab7cae463750f5bd35c153591a5fd6b1cd8798666fa701b9ab1f02bbe8fa29884029e7e39af8ab5513a4586fe3cabed4f25bed1
Static task: static1
Behavioral task: behavioral1
Sample: 03abedd5_by_Libranalysis.exe
Resource: win7v20210410
Behavioral task: behavioral2
Sample: 03abedd5_by_Libranalysis.exe
Resource: win10v20210410
Malware Config
Extracted
C:\Users\Admin\LOCKY-README.txt
http://pylockyrkumqih5l.onion/index.php
Extracted
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\brndlog.txt
http://pylockyrkumqih5l.onion/index.php
Targets
Target: 03abedd5_by_Libranalysis
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops startup file
Loads dropped DLL
Drops desktop.ini file(s)