Overview

overview

10

Static

static

3924b01243...11.exe

windows7_x64

10

3924b01243...11.exe

windows10-2004_x64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311

  • Size

    251KB

  • Sample

    220628-tnmmbacde3

  • MD5

    3b522c3e3fc6cf29a2c8c65a80f14a08

  • SHA1

    91d0554ae2d347a98a695b4ee9aea4061794bb38

  • SHA256

    3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311

  • SHA512

    a1dba2dd77ae3637b0809aece3ffb8827e21498d3127b56d6390ced34444ccf10c56a2741b4c52cf53efa5ab0dcdcfc52e68561322dab74d975e9e15b6d545aa

Score
10/10
lockyransomwaresuricata

Malware Config

Targets

    • Target

      3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311

    • Size

      251KB

    • MD5

      3b522c3e3fc6cf29a2c8c65a80f14a08

    • SHA1

      91d0554ae2d347a98a695b4ee9aea4061794bb38

    • SHA256

      3924b012439ef8ce1946af7e7f8396ecb97e4c564cffa6d18b9cfccd5645c311

    • SHA512

      a1dba2dd77ae3637b0809aece3ffb8827e21498d3127b56d6390ced34444ccf10c56a2741b4c52cf53efa5ab0dcdcfc52e68561322dab74d975e9e15b6d545aa

    Score
    10/10
    lockyransomwaresuricata

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • suricata: ET MALWARE Self-Signed Cert Observed in Various Zbot Strains

      suricata: ET MALWARE Self-Signed Cert Observed in Various Zbot Strains

      suricata

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks