General
-
Target
tmp
-
Size
484KB
-
Sample
220520-x17d2affcl
-
MD5
8b062fa952cc294d7db09794e2d44ce0
-
SHA1
ce13e42217f7d0e950dd8ae5ee5ec8d5be6af177
-
SHA256
71d0c896720e01be1b6b095fc8917bcac38f8bc8ed3caba8bf9c2a4fcdde1747
-
SHA512
a6643699544db21955c927e9a7cdfd1c056c7078e27d9c68ff68865c240ff3dfd0f8aecd7f4926b9746eaa989b3cbef681e5ffd19c643cd02a7faba2534ed26d
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
tmp.exe
Resource
win10v2004-20220414-en
Malware Config
Extracted
C:\Restore-My-Files.txt
DecryptionCenter@gmail.com
DecryptionCenter@outlook.com
Extracted
C:\Users\Admin\AppData\Local\Temp\info.hta
DecryptionCenter@gmail.com
DecryptionCenter@outlook.com
Targets
-
-
Target
tmp
-
Size
484KB
-
MD5
8b062fa952cc294d7db09794e2d44ce0
-
SHA1
ce13e42217f7d0e950dd8ae5ee5ec8d5be6af177
-
SHA256
71d0c896720e01be1b6b095fc8917bcac38f8bc8ed3caba8bf9c2a4fcdde1747
-
SHA512
a6643699544db21955c927e9a7cdfd1c056c7078e27d9c68ff68865c240ff3dfd0f8aecd7f4926b9746eaa989b3cbef681e5ffd19c643cd02a7faba2534ed26d
-
suricata: ET MALWARE Loki Locker Ransomware CnC Activity
suricata: ET MALWARE Loki Locker Ransomware CnC Activity
-
suricata: ET MALWARE Loki Locker Ransomware CnC Domain in DNS Lookup
suricata: ET MALWARE Loki Locker Ransomware CnC Domain in DNS Lookup
-
suricata: ET MALWARE Loki Locker Ransomware User-Agent
suricata: ET MALWARE Loki Locker Ransomware User-Agent
-
Modifies boot configuration data using bcdedit
-
Disables Task Manager via registry modification
-
Modifies Windows Firewall
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Drops startup file
-
Adds Run key to start application
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-