locky | e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4 | Triage

Submit
Reports

Overview

overview

Static

static

e5bafdd9d2...e4.exe

windows7_x64

e5bafdd9d2...e4.exe

windows10-2004_x64

Sharing

General

Target

e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4
Size

595KB
Sample

220305-13ryxabbbl
MD5

1c1a6b70b5e2b13c019d5cbdf0f12738
SHA1

d21b9d5ca7327bb1ca57aaf8752e7764a3334fe8
SHA256

e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4
SHA512

f6c37079d3f7ae55cfdb1e588830d30bad4b820afc7765c20081a501fe916c6b1b8aa78090801ecb7f3776ae8766987220af5a4eb2639b7d87f56721be7bc675

Score

10^/10

locky persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4.exe

Resource

win7-en-20211208

locky ransomware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4.exe

Resource

win10v2004-en-20220112

locky persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4
- Size
  
  595KB
- MD5
  
  1c1a6b70b5e2b13c019d5cbdf0f12738
- SHA1
  
  d21b9d5ca7327bb1ca57aaf8752e7764a3334fe8
- SHA256
  
  e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4
- SHA512
  
  f6c37079d3f7ae55cfdb1e588830d30bad4b820afc7765c20081a501fe916c6b1b8aa78090801ecb7f3776ae8766987220af5a4eb2639b7d87f56721be7bc675
Score

10^/10

locky ransomware persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

File Deletion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

lockyransomware

behavioral2

lockypersistenceransomware

© 2018-2024

Terms | Privacy