General

  • Target

    ab007094afec534a2aa64436f214866014a664e7399aeaf361790ede5eec6b56.sample

  • Size

    58KB

  • Sample

    210726-wgpkgan112

  • MD5

    33b80a574c6441baf5409a292aafb1cf

  • SHA1

    8048aba11ea6209d1f49fa4e12741050350557df

  • SHA256

    ab007094afec534a2aa64436f214866014a664e7399aeaf361790ede5eec6b56

  • SHA512

    52843695c364814c0d0d375f68f9c7202a26e492f59c01eaf23dd366da443ae6a02c2a7ff1748a033658808e900a61e097deb95c98de3744f2767faa040ddc00

Malware Config

Targets

    • WastedLocker

      Ransomware family seen in the wild since May 2020.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Executes dropped EXE

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Possible privilege escalation attempt

    • Deletes itself

    • Loads dropped DLL

    • Modifies file permissions

    • Drops file in System32 directory

MITRE ATT&CK Matrix ATT&CK v6

Persistence

  • Hidden Files and Directories (T1158)

    1

Defense Evasion

  • File Deletion (T1107)

    2

  • File Permissions Modification (T1222)

    1

  • Hidden Files and Directories (T1158)

    1

Impact

  • Inhibit System Recovery (T1490)

    2

Tasks