General
Target: 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample
Size: 142KB
Sample: 210726-3gt8kcv9fe
MD5: 9dcb4b2e20be4c6d1f4bf4c2bf042bf2
SHA1: f330758e727a129a4a9e8e031076c38b98efc2a6
SHA256: 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6
SHA512: 67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457ccd93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16
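Before acting on anything in this report, confirm that the file you hold is the same sample: the digests above are the only link between the report and your copy. The script below is an added example (not part of the sandbox report and not the sandbox's own tooling) that hashes a file once with all four algorithms and compares against the values listed in the General section. It treats SHA-256/SHA-512 as the deciding digests; a file whose MD5 or SHA-1 matches while SHA-256 does not is reported separately, since those two functions are collision-prone and agreement on them alone proves nothing. The `REPORTED` table is copied from the page; chunk size and the verdict names are this example's own choices.

```python
import hashlib
import sys
from typing import Dict, Iterable, List, Tuple

# Digests copied from the report's General section.
REPORTED: Dict[str, str] = {
    "md5": "9dcb4b2e20be4c6d1f4bf4c2bf042bf2",
    "sha1": "f330758e727a129a4a9e8e031076c38b98efc2a6",
    "sha256": "4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6",
    "sha512": "67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457ccd93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16",
}
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")


def digest_chunks(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Feed every chunk to all four hashers so the input is read only once."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compute_hashes(data: bytes) -> Dict[str, str]:
    """Digests of an in-memory byte string (used by the tests below)."""
    return digest_chunks([data])


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through the hashers in 1 MiB chunks (size is an arbitrary choice)."""
    with open(path, "rb") as fh:
        return digest_chunks(iter(lambda: fh.read(chunk_size), b""))


def verify_sample(actual: Dict[str, str],
                  reported: Dict[str, str] = REPORTED) -> Tuple[bool, List[str]]:
    """Compare every reported digest; return (all_match, names of digests that differ)."""
    mismatches = [a for a in ALGORITHMS if actual[a].lower() != reported[a].lower()]
    return (not mismatches, mismatches)


def classify(actual: Dict[str, str], reported: Dict[str, str] = REPORTED) -> str:
    """Verdict names are this example's own:
    'match'     - SHA-256 and SHA-512 both agree (the file is the reported sample)
    'weak-only' - only MD5 and/or SHA-1 agree: collision or tampering, do not trust
    'mismatch'  - nothing agrees
    """
    strong = all(actual[a].lower() == reported[a].lower() for a in ("sha256", "sha512"))
    weak = any(actual[a].lower() == reported[a].lower() for a in ("md5", "sha1"))
    if strong:
        return "match"
    if weak:
        return "weak-only"
    return "mismatch"


if __name__ == "__main__":
    # usage: python verify_sample.py <path-to-sample>
    digests = hash_file(sys.argv[1])
    ok, bad = verify_sample(digests)
    print(classify(digests), "mismatched:", ", ".join(bad) or "none")
```

Run it against the file you intend to detonate or share; a `weak-only` verdict should be treated as a different file, not as a near-match.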
Static task: static1
Behavioral task: behavioral1
  Sample: 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample.exe
  Resource: win7v20210408
Behavioral task: behavioral2
  Sample: 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample.exe
  Resource: win10v20210410
Malware Config
Targets
Target: 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample
Size: 142KB
MD5, SHA1, SHA256, SHA512: identical to the General section above
Score: 10/10
Signatures
- Locky (Osiris variant): variant of the Locky ransomware seen in the wild since early 2017.
- suricata: ET MALWARE Locky CnC Checkin Dec 5 M1
- suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
- Modifies extensions of user files: ransomware generally changes the extension on the files it encrypts, so a burst of renames to one new extension is a strong host-side indicator.
- Checks computer location settings: reads the country code configured in the registry, most likely as a geofence to decide whether to run on this machine.
- Deletes itself
- Sets desktop wallpaper using registry
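The "Modifies extensions of user files" signature above is the behaviour a host-based detection can key on. The following is an added example, not part of the sandbox report and not derived from the sample's own code, of the usual heuristic: one process renaming many files under user profile paths to a single new extension within a short window, while ignoring plain moves, single temp-file swaps and churn outside user directories. The rename events are constructed test data; the window, threshold and user-root prefixes are assumptions to tune per environment; the `.osiris` extension appears only because it is the extension the Osiris variant is named after, not because the report lists it.

```python
import ntpath
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class RenameEvent:
    ts: float   # seconds since trace start
    pid: int
    src: str    # path before the rename
    dst: str    # path after the rename


# Assumption: user data lives under these roots (Windows layout); extend for other profiles.
USER_ROOTS = ("c:\\users\\",)


def _ext(path: str) -> str:
    # ntpath handles backslash paths correctly even when run on Linux.
    return ntpath.splitext(path)[1].lower()


def is_user_file(path: str) -> bool:
    return path.lower().startswith(USER_ROOTS)


def detect_extension_bursts(events: List[RenameEvent],
                            window: float = 60.0,
                            threshold: int = 10) -> List[Dict]:
    """Flag any process that renames >= threshold user files to the same new
    extension within `window` seconds. Returns one alert per (pid, extension)."""
    buckets: Dict[Tuple[int, str], List[float]] = defaultdict(list)
    for e in events:
        if not is_user_file(e.src):
            continue
        old, new = _ext(e.src), _ext(e.dst)
        if not new or new == old:
            continue  # plain move, or no extension change
        buckets[(e.pid, new)].append(e.ts)

    alerts = []
    for (pid, new), times in buckets.items():
        times.sort()
        j = 0  # left edge of the sliding window
        for i, t in enumerate(times):
            while t - times[j] > window:
                j += 1
            if i - j + 1 >= threshold:
                alerts.append({"pid": pid, "extension": new, "count": len(times),
                               "first": times[j], "last": t})
                break
    return alerts


def sample_events() -> List[RenameEvent]:
    """Constructed trace for demonstration; not taken from the sandbox run."""
    ev = []
    # 12 documents renamed to one new extension by a single process within 30 s
    for i in range(12):
        ev.append(RenameEvent(100.0 + 2.5 * i, 4242,
                              f"C:\\Users\\alice\\Documents\\report{i}.docx",
                              f"C:\\Users\\alice\\Documents\\{i:032x}.osiris"))
    # benign: an editor swapping a temp file into place (one rename, one extension)
    ev.append(RenameEvent(105.0, 1300,
                          "C:\\Users\\alice\\Documents\\notes.tmp",
                          "C:\\Users\\alice\\Documents\\notes.txt"))
    # benign: bulk move with no extension change
    for i in range(15):
        ev.append(RenameEvent(110.0 + i, 1300,
                              f"C:\\Users\\alice\\Downloads\\f{i}.pdf",
                              f"C:\\Users\\alice\\Archive\\f{i}.pdf"))
    # out of scope: installer churn outside user directories
    for i in range(15):
        ev.append(RenameEvent(120.0 + i, 900,
                              f"C:\\Windows\\Temp\\pkg{i}.tmp",
                              f"C:\\Windows\\Temp\\pkg{i}.dll"))
    return ev


if __name__ == "__main__":
    for alert in detect_extension_bursts(sample_events()):
        print(alert)
```

Feed it rename events from whatever telemetry you have (Sysmon, EDR file events, the sandbox's own file activity log); the same bucketing also works as a sandbox signature when the process set is the detonated sample and its children.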