wastedlocker | 0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821 | Triage

Submit
Reports

Overview

overview

Static

static

9

0e061255b1...le.exe

windows7_x64

0e061255b1...le.exe

windows10_x64

Sharing

General

Target

0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample
Size

112KB
Sample

210726-xsbzf1661n
MD5

d01fc079881dc0d33a88e4f8df1ae7ce
SHA1

c40c8848808da12ef78c68de1e6477b862161a43
SHA256

0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821
SHA512

83bca79d1f0ac14c6d79685fd192964e7117e8c9c734036abddfdbb068c801ff38027a0812a2499e1d9e528a47af07150cafee27384b5a78b8fc32c23bd21130

Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample.exe

Resource

win7v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample.exe

Resource

win10v20210408

wastedlocker cryptone discovery exploit packer ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample
- Size
  
  112KB
- MD5
  
  d01fc079881dc0d33a88e4f8df1ae7ce
- SHA1
  
  c40c8848808da12ef78c68de1e6477b862161a43
- SHA256
  
  0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821
- SHA512
  
  83bca79d1f0ac14c6d79685fd192964e7117e8c9c734036abddfdbb068c801ff38027a0812a2499e1d9e528a47af07150cafee27384b5a78b8fc32c23bd21130
Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

wastedlockercryptonediscoveryexploitpackerransomware

behavioral2

wastedlockercryptonediscoveryexploitpackerransomware

© 2018-2024

Terms | Privacy