General
Target: lock.exe
Size: 2.2MB
Sample: 211113-q61ecafag6
MD5: fc93ecb882fbc1bac46aaf4232ce9b66
SHA1: e4cfd33fc8f20f05b07299845268a54dd33ffced
SHA256: 7f65f443d129dcfc59b3c2a001b5a1f3cda092b3008e62a73ab87ba8f782b215
SHA512: 2fffaf9f8c2305be7c55bc23b8822dab5ce961332833e0bffbb6cbbee01f97907e4b5b4e573b682f66b5309d462302e1db7df0f6df3b34dccaf323357dc2efca
Static task: static1
Behavioral task: behavioral1
Sample: lock.exe
Resource: win7-en-20211104
Behavioral task: behavioral2
Sample: lock.exe
Resource: win10-en-20211104
Malware Config
Extracted
\??\c:\users\Admin\Desktop\readme.txt
http://y2cyumvhavcecc6kr5tpat5gdnz2lsw5ucjxbv7s2ggxsh7gj57omuyd.onion/6667
Targets
Target: lock.exe
Score: 10/10
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Drops file in System32 directory