0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample

General

Target: 0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821.sample
Size: 112KB
Sample: 210726-xsbzf1661n
Score: 10/10
MD5: d01fc079881dc0d33a88e4f8df1ae7ce
SHA1: c40c8848808da12ef78c68de1e6477b862161a43
SHA256: 0e061255b12ade5dc10f4ad9aeca9ebe5496d28ed251acb376c66c1d9f405821
SHA512: 83bca79d1f0ac14c6d79685fd192964e7117e8c9c734036abddfdbb068c801ff38027a0812a2499e1d9e528a47af07150cafee27384b5a78b8fc32c23bd21130

Signatures

  • WastedLocker
    Description: Ransomware family seen in the wild since May 2020.

  • CryptOne packer
    Description: Detects CryptOne packer defined in NCC blogpost.

  • Deletes shadow copies
    Description: Ransomware often targets backup files to inhibit system recovery.
    TTPs: File Deletion, Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files
    Description: Ransomware generally changes the extension on encrypted files.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions
    TTPs: File Permissions Modification

  • Drops file in System32 directory

MITRE ATT&CK Matrix
Tactic columns: Collection, Command and Control, Credential Access, Discovery, Execution, Exfiltration, Initial Access, Lateral Movement, Persistence, Privilege Escalation