General
-
Target
xxxx.exe
-
Size
66KB
-
Sample
210512-a69sym5d1e
-
MD5
3808f21e56dede99bc914d90aeabe47a
-
SHA1
93cc73149d4bb34830a2cb2a3047e9267b9e3080
-
SHA256
4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1
-
SHA512
4ae55145cca3a6f1ed3feff5b2bd38121e37c4cc528e08d5de771bcc4855994560bfc8c22898d73c5b259e37d2dc803615b8f6ec859e53918bd7a1ffee9316b3
Static task
static1
Behavioral task
behavioral1
Sample
xxxx.exe
Resource
win7v20210408
Behavioral task
behavioral2
Sample
xxxx.exe
Resource
win10v20210408
Malware Config
Extracted
C:\Users\Admin\Desktop\RecoveryManual.html
http://w6ilafwwrgtrmilorzqex6pgpvfsa667fydca2wpoluj6sajka225byd.onion/?cid=879538e20b82e80052dd5f7ef9ad50777f29ea9b401bf59e2f5189fb60588831
Targets
-
-
Target
xxxx.exe
-
Size
66KB
-
MD5
3808f21e56dede99bc914d90aeabe47a
-
SHA1
93cc73149d4bb34830a2cb2a3047e9267b9e3080
-
SHA256
4a5ac3c6f8383cc33c795804ba5f7f5553c029bbb4a6d28f1e4d8fb5107902c1
-
SHA512
4ae55145cca3a6f1ed3feff5b2bd38121e37c4cc528e08d5de771bcc4855994560bfc8c22898d73c5b259e37d2dc803615b8f6ec859e53918bd7a1ffee9316b3
Score10/10-
MountLocker Ransomware
Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops desktop.ini file(s)
-