locky | 4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6 | Triage

Submit
Reports

Overview

overview

Static

static

4d5120b499...le.exe

windows7_x64

4d5120b499...le.exe

windows10_x64

Sharing

General

Target

4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample
Size

142KB
Sample

210726-3gt8kcv9fe
MD5

9dcb4b2e20be4c6d1f4bf4c2bf042bf2
SHA1

f330758e727a129a4a9e8e031076c38b98efc2a6
SHA256

4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6
SHA512

67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457ccd93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16

Score

10^/10

locky locky_osiris ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample.exe

Resource

win7v20210408

locky locky_osiris ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample.exe

Resource

win10v20210410

locky locky_osiris ransomware suricata

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6.sample
- Size
  
  142KB
- MD5
  
  9dcb4b2e20be4c6d1f4bf4c2bf042bf2
- SHA1
  
  f330758e727a129a4a9e8e031076c38b98efc2a6
- SHA256
  
  4d5120b49993002b1a1a77298b0e9e486a0aa75eb9fb14fe3c6682a9870203f6
- SHA512
  
  67233aa8925420e8024b42ce5e2cbff9266ed8d539496a8976c5dfa284b457ccd93882ee4294488110f3099030d27afd85cf2c85f49d6b8bb81693bb8704ca16
Score

10^/10

locky locky_osiris ransomware suricata
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- suricata: ET MALWARE Locky CnC Checkin Dec 5 M1
  suricata
- suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
  suricata
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisransomwaresuricata

behavioral2

lockylocky_osirisransomwaresuricata

© 2018-2024

Terms | Privacy