wastedlocker | 5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367 | Triage

Submit
Reports

Overview

overview

Static

static

9

5cd04805f9...le.exe

windows7_x64

5cd04805f9...le.exe

windows10_x64

Sharing

General

Target

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample
Size

1.0MB
Sample

210726-znrw6w8316
MD5

572fea5f025df78f2d316216fbeee52e
SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d
SHA256

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
SHA512

eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187

Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware

Static task

static1

cryptone packer

Behavioral task

behavioral1

Sample

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample.exe

Resource

win7v20210410

wastedlocker cryptone discovery exploit packer ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample.exe

Resource

win10v20210408

wastedlocker cryptone discovery exploit packer ransomware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample
- Size
  
  1.0MB
- MD5
  
  572fea5f025df78f2d316216fbeee52e
- SHA1
  
  91b2bf44b1f9282c09f07f16631deaa3ad9d956d
- SHA256
  
  5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367
- SHA512
  
  eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187
Score

10^/10

wastedlocker cryptone discovery exploit packer ransomware
- WastedLocker
  Ransomware family seen in the wild since May 2020.
  ransomware wastedlocker
- CryptOne packer
  Detects CryptOne packer defined in NCC blogpost.
  cryptone packer
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Possible privilege escalation attempt
  exploit
- Deletes itself
- Loads dropped DLL
- Modifies file permissions
  discovery
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Privilege Escalation

Defense Evasion

File Deletion

File Permissions Modification

Hidden Files and Directories

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

Tasks

static1

behavioral1

wastedlockercryptonediscoveryexploitpackerransomware

behavioral2

wastedlockercryptonediscoveryexploitpackerransomware

© 2018-2024

Terms | Privacy