5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample

General
Target

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367.sample

Size

1MB

Sample

210726-znrw6w8316

Score
10 /10
MD5

572fea5f025df78f2d316216fbeee52e

SHA1

91b2bf44b1f9282c09f07f16631deaa3ad9d956d

SHA256

5cd04805f9753ca08b82e88c27bf5426d1d356bb26b281885573051048911367

SHA512

eb238272227c5825477ff1e37dc4f7e467665049d4db5649fff59c39d7745e88b06234d6d1218c05c802e33e21577f9d4a533cb9e23ebe6fb09654f97759c187

Signatures

  • WastedLocker

    Description

    Ransomware family seen in the wild since May 2020.

  • CryptOne packer

    Description

    Detects the CryptOne packer defined in the NCC blog post.

  • Deletes shadow copies

    Description

    Ransomware often targets backup files to inhibit system recovery.

    TTPs

    File Deletion, Inhibit System Recovery

  • Executes dropped EXE

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Possible privilege escalation attempt

  • Deletes itself

  • Loads dropped DLL

  • Modifies file permissions

    TTPs

    File Permissions Modification

  • Drops file in System32 directory
