General
-
Target
0fa0ad3dbf321d2c7c645aab928176d7a2d21b64d84d720829b67ad6c37381c7
-
Size
56KB
-
Sample
211129-nllz4sfag4
-
MD5
af2cac864d51827a760560a2d1df8fe8
-
SHA1
651f6e8aeb91cf84eb809a3d0fdcf67ba80c8339
-
SHA256
0fa0ad3dbf321d2c7c645aab928176d7a2d21b64d84d720829b67ad6c37381c7
-
SHA512
dbc929410cf09408086cdff6b5e03e143568296084929c19eefc045e5228676cbd40e6daaf3a39463c69ec87c1ca099f2f50dc92351cb802f3aa1642be205b86
Static task
static1
Behavioral task
behavioral1
Sample
0fa0ad3dbf321d2c7c645aab928176d7a2d21b64d84d720829b67ad6c37381c7.exe
Resource
win7-en-20211014
Behavioral task
behavioral2
Sample
0fa0ad3dbf321d2c7c645aab928176d7a2d21b64d84d720829b67ad6c37381c7.exe
Resource
win10-en-20211104
Malware Config
Extracted
\??\c:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\RecoveryManual.html
Extracted
\??\c:\RecoveryManual.html
Targets
Target
0fa0ad3dbf321d2c7c645aab928176d7a2d21b64d84d720829b67ad6c37381c7
Score
10/10
-
MountLocker Ransomware
Ransomware family first seen in late 2020, which threatens to leak files if ransom is not paid.
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Drops desktop.ini file(s)
-