905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a.sample

General

Target: 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a.sample
Size: 1MB
Sample: 210726-as33lfaqq6
Score: 10/10
MD5: 2cc4534b0dd0e1c8d5b89644274a10c1
SHA1: 735ee2c15c0b7172f65d39f0fd33b9186ee69653
SHA256: 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a
SHA512: a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8
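Before acting on a report like this one, confirm that the file on your disk is actually the sample the report describes. The following is an added example (not part of the sandbox report): it streams a file through MD5, SHA1, SHA256 and SHA512 and lists which of the reported digests do not match. The REPORTED table is copied from the hashes above; the function names and the command-line wrapper are assumptions of this example, not a tool the report mentions.

```python
"""Verify that a local sample matches the digests given in a sandbox report.

Added example, not code from the report. The file is read in chunks so that
large samples never have to fit in memory, and a missing algorithm is treated
as a mismatch so an incomplete hash set can never silently "verify".
"""
import hashlib
import sys

# Digests copied from the report's General section (hex, lower-case).
REPORTED = {
    "md5": "2cc4534b0dd0e1c8d5b89644274a10c1",
    "sha1": "735ee2c15c0b7172f65d39f0fd33b9186ee69653",
    "sha256": "905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a",
    "sha512": "a842b2d171aa6efa1b391d5d0f84663e78021b485555e2bf10a5e589d8652057f5abbd88e1a5ec628b714692ec5d63c3172894aa7846d5897e87d99dad67e2b8",
}


def digests_of_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256/sha512 hex digests of in-memory data."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORTED}


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as digests_of_bytes, but streams the file in chunk_size pieces."""
    hashers = {name: hashlib.new(name) for name in REPORTED}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def mismatches(actual: dict, expected: dict) -> list:
    """Return the sorted names of digests in `expected` that `actual` fails.

    Comparison is case-insensitive because reports and tools differ in hex
    case. An algorithm absent from `actual` is a mismatch, not a pass.
    """
    return sorted(
        name for name, want in expected.items()
        if actual.get(name, "").lower() != want.strip().lower()
    )


if __name__ == "__main__":
    # Usage (hypothetical path): python verify_sample.py ./905ea119...sample
    bad = mismatches(digests_of_file(sys.argv[1]), REPORTED)
    print("MATCH: file is the reported sample" if not bad else f"MISMATCH on {bad}")
```

A sample that fails even one digest is not the object this report scored; treat the verdict as not applicable rather than as a partial match.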

Malware Config
Targets
Target: 905ea119ad8d3e54cd228c458a1b5681abc1f35df782977a23812ec4efa0288a.sample (1MB, score 10/10; MD5, SHA1, SHA256 and SHA512 identical to those listed under General)

Signatures

  • WastedLocker
    Description: Ransomware family seen in the wild since May 2020.

  • CryptOne packer
    Description: Detects the CryptOne packer as described in NCC Group's blog post.

  • Deletes shadow copies
    Description: Ransomware commonly deletes Volume Shadow Copies and other backups to inhibit system recovery.
    TTPs: File Deletion; Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension of the files it encrypts.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions
    TTPs: File Permissions Modification

  • Drops file in System32 directory
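The "Deletes shadow copies", "Modifies file permissions" and "Executes dropped EXE" signatures are behaviours a defender can look for in process-creation telemetry. The following is an added example, not code from the report or the sandbox: a small rule set run over constructed process-creation records. The command-line patterns are generic ransomware recovery-inhibition and permission-tampering tradecraft (vssadmin/wmic shadow copy deletion, bcdedit recovery settings, wbadmin catalog deletion, icacls/takeown); they are not taken from this sample's trace, which the report does not show. The log format, field names and rule names are assumptions of the example.

```python
"""Flag process-creation events matching the recovery-inhibition and
permission-tampering behaviours listed under Signatures.

Added example, not code from the report. Rules are generic ransomware
tradecraft, NOT this sample's observed command lines. The records in
SAMPLE_LOG are constructed for the demo in a simple key=value|key=value form.
"""
import re

# (rule name, regex over the full command line). Case-insensitive because
# Windows binaries and switches are.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I)),
    ("shadow_copy_deletion",
     re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I)),
    ("recovery_disabled",
     re.compile(r"\bbcdedit(\.exe)?\b.*\b(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)\b", re.I)),
    ("backup_catalog_deleted",
     re.compile(r"\bwbadmin(\.exe)?\b.*\bdelete\b.*\bcatalog\b", re.I)),
    ("file_permissions_modified",
     re.compile(r"\b(icacls|cacls)(\.exe)?\b.*\s/(grant\b.*\beveryone\b|reset\b|setowner\b)", re.I)),
    ("file_permissions_modified",
     re.compile(r"\btakeown(\.exe)?\b.*\s/f\b", re.I)),
]

# Parent executing from a user-writable location is the "Executes dropped EXE"
# context that makes the above rules high-confidence rather than admin noise.
USER_WRITABLE = re.compile(r"\\(AppData|Temp|ProgramData|Users\\Public)\\", re.I)


def parse_event(line: str) -> dict:
    """Parse one constructed 'key=value|key=value' process-creation record."""
    return dict(part.split("=", 1) for part in line.strip().split("|"))


def detect(line: str) -> list:
    """Return sorted, de-duplicated rule names that the event matches."""
    ev = parse_event(line)
    found = {name for name, rx in RULES if rx.search(ev.get("CommandLine", ""))}
    # Only add parent-path context once a behavioural rule has fired, so a
    # dropped binary that does nothing suspicious is not flagged by itself.
    if found and USER_WRITABLE.search(ev.get("ParentImage", "")):
        found.add("parent_in_user_writable_path")
    return sorted(found)


def triage(lines) -> list:
    """Return (command line, matched rules) for every event that fired a rule."""
    hits = []
    for line in lines:
        found = detect(line)
        if found:
            hits.append((parse_event(line)["CommandLine"], found))
    return hits


# Constructed records: three malicious, one benign vssadmin query, one benign app.
SAMPLE_LOG = [
    "EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Users\\a\\AppData\\Roaming\\x.exe|CommandLine=vssadmin.exe Delete Shadows /All /Quiet",
    "EventID=1|Image=C:\\Windows\\System32\\wbem\\WMIC.exe|ParentImage=C:\\Windows\\System32\\cmd.exe|CommandLine=wmic shadowcopy delete",
    "EventID=1|Image=C:\\Windows\\System32\\icacls.exe|ParentImage=C:\\Users\\a\\AppData\\Roaming\\x.exe|CommandLine=icacls \"C:\\Users\\a\\Documents\\*\" /grant Everyone:F /T /C",
    "EventID=1|Image=C:\\Windows\\System32\\vssadmin.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=vssadmin.exe list shadows",
    "EventID=1|Image=C:\\Windows\\System32\\notepad.exe|ParentImage=C:\\Windows\\explorer.exe|CommandLine=notepad.exe notes.txt",
]

if __name__ == "__main__":
    for cmd, rules in triage(SAMPLE_LOG):
        print(f"{', '.join(rules)}: {cmd}")
```

Shadow-copy deletion by a legitimate backup agent or an administrator does occur, so the parent-path context (and, in real telemetry, the user and signer of the parent) is what separates this from noise; a rule on the command line alone would page on the benign "vssadmin list shadows" style of activity too if written carelessly.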

Related Tasks

MITRE ATT&CK Matrix

Columns: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation

The Defense Evasion and Impact columns, the tactics under which ATT&CK places the File Deletion, File Permissions Modification and Inhibit System Recovery TTPs listed under Signatures, are not present in this extract of the matrix.