wastedlocker | ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3 | Triage

Submit
Reports

Overview

overview

Static

static

9

ed0632acb2...le.exe

windows7_x64

ed0632acb2...le.exe

windows10_x64

Sharing

General

Target

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample
Size

951KB
Sample

210726-q44nwe2fna
MD5

edbf07eaca4fff5f2d3f045567a9dc6f
SHA1

9292fa66c917bfa47e8012d302a69bec48e9b98c
SHA256

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
SHA512

731214358d4fcecdafe0d386a305a130185727b20704e6251e37ac5feb35eff8f3f31d8c740954feb57c699cc5975c3bb50fac5c5202c5933c4fe0dfd06bc8e6

Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample.exe

Resource

win7v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample.exe

Resource

win10v20210408

wastedlocker cryptone discovery exploit packer ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample
- Size
  
  951KB
- MD5
  
  edbf07eaca4fff5f2d3f045567a9dc6f
- SHA1
  
  9292fa66c917bfa47e8012d302a69bec48e9b98c
- SHA256
  
  ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3
- SHA512
  
  731214358d4fcecdafe0d386a305a130185727b20704e6251e37ac5feb35eff8f3f31d8c740954feb57c699cc5975c3bb50fac5c5202c5933c4fe0dfd06bc8e6
Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

wastedlockercryptonediscoveryexploitpackerransomware

behavioral2

wastedlockercryptonediscoveryexploitpackerransomware

© 2018-2024

Terms | Privacy