General

  • Target

    0a2bc257eb1e266e2fd7c608bbb7e1f2ed34660c8ff21f32999fe49c6997329b

  • Size

    303KB

  • Sample

    220524-w6t58adce4

  • MD5

    d5fee0c6f1d0d730de259c64e6373a0c

  • SHA1

    894f45f50454001bd21ad2713fefc15eb25b2b8b

  • SHA256

    0a2bc257eb1e266e2fd7c608bbb7e1f2ed34660c8ff21f32999fe49c6997329b

  • SHA512

    fa39d6cdf1c00ec33ce02df71d16d83d58095d09d6a2a1c9d31ceb0bcd1d0c01abbe39daa49de37fab525a59678db241d2d2ebb36359c203a2e25c808c6b5f79

Malware Config

Targets

    • Target

      0a2bc257eb1e266e2fd7c608bbb7e1f2ed34660c8ff21f32999fe49c6997329b

    • Size

      303KB

    • MD5

      d5fee0c6f1d0d730de259c64e6373a0c

    • SHA1

      894f45f50454001bd21ad2713fefc15eb25b2b8b

    • SHA256

      0a2bc257eb1e266e2fd7c608bbb7e1f2ed34660c8ff21f32999fe49c6997329b

    • SHA512

      fa39d6cdf1c00ec33ce02df71d16d83d58095d09d6a2a1c9d31ceb0bcd1d0c01abbe39daa49de37fab525a59678db241d2d2ebb36359c203a2e25c808c6b5f79

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Locky (Osiris variant)

      Variant of the Locky ransomware seen in the wild since early 2017.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Adds Run key to start application

    • Sets desktop wallpaper using registry

MITRE ATT&CK Matrix ATT&CK v6

Persistence

Registry Run Keys / Startup Folder

1
T1060

Defense Evasion

Modify Registry

3
T1112

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Impact

Defacement

1
T1491

Tasks