locky | 7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b | Triage

Submit
Reports

Overview

overview

Static

static

7fcdb1feab...7b.exe

windows7_x64

7fcdb1feab...7b.exe

windows10-2004_x64

Sharing

General

Target

7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b
Size

258KB
Sample

220628-t1xytaced3
MD5

3b77d00635c85c13992483263fb251f5
SHA1

2b230db9e219c29e5cc7fb6a3a85fc9a78d8310a
SHA256

7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b
SHA512

38739928f9c75db5e0a9315b80eed7d12b6f795dbe54cfd84320f31cd776abe1589aadd08d9fa779450f4c4ed10449a95fc493c36c68cbb8dc0c7e97b95ee1ef

Score

10^/10

locky persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b.exe

Resource

win7-20220414-en

locky ransomware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b.exe

Resource

win10v2004-20220414-en

locky persistence ransomware suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b
- Size
  
  258KB
- MD5
  
  3b77d00635c85c13992483263fb251f5
- SHA1
  
  2b230db9e219c29e5cc7fb6a3a85fc9a78d8310a
- SHA256
  
  7fcdb1feabf0785b7abdb860333954573d6f007fcb39192c71f1273916da607b
- SHA512
  
  38739928f9c75db5e0a9315b80eed7d12b6f795dbe54cfd84320f31cd776abe1589aadd08d9fa779450f4c4ed10449a95fc493c36c68cbb8dc0c7e97b95ee1ef
Score

10^/10

locky ransomware suricata persistence
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
  suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
  suricata
- suricata: ET MALWARE Locky CnC checkin Nov 21
  suricata: ET MALWARE Locky CnC checkin Nov 21
  suricata
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockyransomwaresuricata

behavioral2

lockypersistenceransomwaresuricata

© 2018-2024

Terms | Privacy