Overview

overview

7

Static

static

5

KarLocker_exe.exe

windows7_x64

7

KarLocker_exe.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    KarLocker_exe.exe

  • Size

    763KB

  • Sample

    220522-f8va1agae3

  • MD5

    688cba9c88f928b0cf854b43e97bec75

  • SHA1

    45a2b7e6c358018467e480e7b6324d1a305e0d24

  • SHA256

    481509a67f836e3826fd7835cded0619a1491ed914152d893c6d8ac950445f4f

  • SHA512

    153bb3cd0119f171d225e51fbaf44b601be22c66ac700906525861ffc42368381617c9ca481f63fb66f3e97561a6251177929b8b7d1831efdd7b0a413513ebd1

Score
7/10
ransomware

Malware Config

Targets

    • Target

      KarLocker_exe.exe

    • Size

      763KB

    • MD5

      688cba9c88f928b0cf854b43e97bec75

    • SHA1

      45a2b7e6c358018467e480e7b6324d1a305e0d24

    • SHA256

      481509a67f836e3826fd7835cded0619a1491ed914152d893c6d8ac950445f4f

    • SHA512

      153bb3cd0119f171d225e51fbaf44b601be22c66ac700906525861ffc42368381617c9ca481f63fb66f3e97561a6251177929b8b7d1831efdd7b0a413513ebd1

    Score
    7/10
    ransomware

    • Drops startup file

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Tasks