mountlocker | 7327676120[.]zip | Triage

Sharing

General

Target

7327676120.zip
Size

23KB
MD5

9751d290ab98854377c6368c08606f86
SHA1

55e81876cb6ed7e4aaa51bc88d1542ab6b5d815e
SHA256

1295a45f74431767419c5b594a416622726105a22deacb5fc039270d8e42523b
SHA512

cd43e674d88c6a7958179b5b8a5fb4ae4d16656b59412c46ec4f2ed5656566aa2a894e354587fb9a510d87150e1e7d855a165e435b867d67fe000e4ff5e7d856
SSDEEP

384:BPrTjl/WD5b7O+lkh1jW7JIsL205Wp/+gM/S7865Wt0Aju3mzPz/kCvB3jhc9Pb:BP3pWDE+lkh5W9POp/qW82ku2TCPb

Score

10^/10

mountlocker

Malware Config

Signatures

Detected Mount Locker ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/3104c4cd670651acb89456b10768dfd39896e1da2a3eda435b8dd25a145ff397	RANSOM_mountlocker

Mountlocker family
mountlocker

Files

7327676120.zip
.zip

Password: infected
3104c4cd670651acb89456b10768dfd39896e1da2a3eda435b8dd25a145ff397
.dll windows x64

Password: infected

1d30df1e5b7623c4b3e7485c04815cbd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetSystemTime

Sections

.text
Size: 26KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 21KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 14KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.SCY
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE