887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample

General

Target: 887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d.sample
Size: 1MB
Sample: 210726-7za2gl29gn
Score: 10/10
MD5: 6b20ef8fb494cc6e455220356de298d0
SHA1: 763d356d30e81d1cd15f6bc6a31f96181edb0b8f
SHA256: 887aac61771af200f7e58bf0d02cb96d9befa11deda4e448f0a700ccb186ce9d
SHA512: ef53b73a911a608439bf929fa66a66fbf015ed274735b91c1d3b08128b14d6514d5514157e541441b9de0827d068c8f514cfd24a3a52fecb2d09764c4fb3311a

Targets

Signatures

  • WastedLocker
    Ransomware family seen in the wild since May 2020.

  • CryptOne packer
    Detects the CryptOne packer described in the NCC blog post.

  • Deletes shadow copies
    Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion, Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files
    Ransomware generally changes the extension on encrypted files.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions
    TTPs: File Permissions Modification

  • Drops file in System32 directory
