ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample

General
Target

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3.sample

Size

951KB

Sample

210726-q44nwe2fna

Score
10 /10
MD5

edbf07eaca4fff5f2d3f045567a9dc6f

SHA1

9292fa66c917bfa47e8012d302a69bec48e9b98c

SHA256

ed0632acb266a4ec3f51dd803c8025bccd654e53c64eb613e203c590897079b3

SHA512

731214358d4fcecdafe0d386a305a130185727b20704e6251e37ac5feb35eff8f3f31d8c740954feb57c699cc5975c3bb50fac5c5202c5933c4fe0dfd06bc8e6

Signatures

  • WastedLocker

    Description

    Ransomware family seen in the wild since May 2020.

  • CryptOne packer

    Description

    Detects the CryptOne packer described in the NCC blog post.

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    TTPs

    File Deletion; Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions

    TTPs

    File Permissions Modification

  • Drops file in System32 directory
