General

  • Target

    4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample

  • Size

    142KB

  • Sample

    210726-3gt8kcv9fe

  • MD5

    9dcb4b2e20be4c6d1f4bf4c2bf042bf2

  • SHA1

    f330758e727a129a4a9e8e031076c38b98efc2a6

  • SHA256

    4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6

  • SHA512

    67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457ccd93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16
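
Before handling the file, confirm that the copy in hand is the sample this report describes. The following Python script is an added example, not part of the report or of the sandbox's own tooling; it copies the hashes and size listed above into a table and checks a local file against them. The size check is an assumption about the report's rounding (142KB is a rounded figure, so the comparison tolerates anything that rounds to the same kilobyte value).

```python
"""Added example: verify a local copy of the sample against the report header.
Not code from the report; the hash table below is copied from it."""
import hashlib
import sys

# Values copied from the report header. Size is rounded to KB in the report,
# so only the rounded value is comparable (assumption about the report format).
REPORT = {
    "size_kb": 142,
    "md5": "9dcb4b2e20be4c6d1f4bf4c2bf042bf2",
    "sha1": "f330758e727a129a4a9e8e031076c38b98efc2a6",
    "sha256": "4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6",
    "sha512": "67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457cc"
              "d93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16",
}

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def compute_hashes(data: bytes) -> dict:
    """Hex digests of the sample bytes for every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def verify(data: bytes, report: dict = REPORT) -> dict:
    """Per-check results; any False means this is not the reported sample."""
    digests = compute_hashes(data)
    result = {alg: digests[alg] == report[alg] for alg in ALGORITHMS}
    result["size"] = round(len(data) / 1024) == report["size_kb"]
    return result


def verify_file(path: str, report: dict = REPORT) -> dict:
    """Read the file once and check it; hash before detonation, since the
    sample deletes itself after running."""
    with open(path, "rb") as fh:
        return verify(fh.read(), report)


if __name__ == "__main__":
    for check, ok in verify_file(sys.argv[1]).items():
        print(f"{check:7s} {'OK' if ok else 'MISMATCH'}")
```

A mismatch on every algorithm usually means a different file (or a truncated download); a mismatch on one algorithm only means a typo in the table, since a single file cannot match SHA256 and fail MD5.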

Malware Config

Targets

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware first seen in the wild in December 2016, named for the .osiris extension it appends to encrypted files.

    • suricata: ET MALWARE Locky CnC Checkin Dec 5 M1

    • suricata: ET MALWARE Locky CnC Checkin HTTP Pattern

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files; this variant renames each victim file and appends .osiris, so a folder of user documents becomes a set of files sharing one new extension.

    • Checks computer location settings

      Reads the country or locale code configured in the registry (for example the Geo\Nation value under HKCU\Control Panel\International), most likely as a geofence so the sample can skip encrypting machines in certain regions.

    • Deletes itself

      Removes its own executable after running, so the binary will not be on disk for later collection; hash and preserve the sample before detonation.

    • Sets desktop wallpaper using registry

      Writes the Wallpaper value under HKCU\Control Panel\Desktop, typically to display the ransom note on the desktop.
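
The "Modifies extensions of user files" behaviour above is the observable that matters most for triage. The Python script below is an added example, not part of the report or of the sandbox: it diffs a directory listing taken before detonation against one taken afterwards and flags the Locky-style pattern, namely user documents vanishing while roughly the same number of files with one previously unseen extension appear. Both listings, the encrypted file names and the set of "user document" extensions are constructed for the example; the 0.8 ratio threshold is an assumption.

```python
"""Added example: detect a Locky-style mass extension change by diffing file
listings captured before and after detonation. Not code from the report;
all listings, names and thresholds below are constructed for illustration."""
from collections import Counter
from pathlib import PurePosixPath

# Extensions ransomware commonly encrypts (assumption, not the sample's list).
USER_DOC_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt"}

# Constructed pre-detonation listing of a victim folder.
BEFORE = {
    "Documents/report.docx",
    "Documents/budget.xlsx",
    "Documents/photo.jpg",
    "Documents/notes.txt",
    "Documents/manual.pdf",
    "Documents/tool.exe",
}

# Constructed post-detonation listing: the user files are gone, replaced by
# renamed files sharing one new extension (.osiris for this variant), plus a
# ransom note. The ID-style names are made up for the example.
AFTER = {
    "Documents/A1B2C3D4E5F60001-0000-0000-0000-000000000001.osiris",
    "Documents/A1B2C3D4E5F60001-0000-0000-0000-000000000002.osiris",
    "Documents/A1B2C3D4E5F60001-0000-0000-0000-000000000003.osiris",
    "Documents/A1B2C3D4E5F60001-0000-0000-0000-000000000004.osiris",
    "Documents/A1B2C3D4E5F60001-0000-0000-0000-000000000005.osiris",
    "Documents/tool.exe",
    "Documents/OSIRIS-1a2b.htm",
}


def _ext(path: str) -> str:
    return PurePosixPath(path).suffix.lower()


def diff_listings(before, after):
    """Return (user files that vanished, Counter of extensions of new files)."""
    removed_user = sorted(p for p in before - after if _ext(p) in USER_DOC_EXTS)
    new_exts = Counter(_ext(p) for p in after - before)
    return removed_user, new_exts


def detect_mass_rename(before, after, ratio=0.8):
    """Return details when one extension that did not exist before appears at
    least `ratio` times as often as user documents disappeared, else None.
    Executables left untouched and a single new ransom note do not trigger it."""
    removed_user, new_exts = diff_listings(before, after)
    if not removed_user or not new_exts:
        return None
    ext, count = new_exts.most_common(1)[0]
    seen_before = {_ext(p) for p in before}
    if ext and ext not in seen_before and count >= ratio * len(removed_user):
        return {
            "extension": ext,
            "new_files": count,
            "missing_user_files": len(removed_user),
        }
    return None


if __name__ == "__main__":
    print(detect_mass_rename(BEFORE, AFTER))
```

Because the variant replaces the whole file name rather than just appending a suffix, the check deliberately does not try to pair old and new names; it only needs the counts and the fact that the new extension was absent from the baseline. A normal user session (editing or adding a few documents) leaves `removed_user` empty or the count far below the threshold and returns None.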

MITRE ATT&CK Enterprise v6

Tasks