General

  • Target

    679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76

  • Size

    241KB

  • Sample

    220628-tx7nvaagek

  • MD5

    e52cc2b7136c572838b8a9e2b021bd5b

  • SHA1

    33a4d5d7d28c25b3166a5ee1e6e60054622a575c

  • SHA256

    679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76

  • SHA512

    7bb9062269e886ef2767011004f8147a6fb97f5b3c37477b314328fbb2634b9c1d501f86c64c0e0ed88e03c71bdd11a612a4d1c035bfd86796cad66d46aa6f45

Malware Config

Targets

    • Target

      679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76

    • Size

      241KB

    • MD5

      e52cc2b7136c572838b8a9e2b021bd5b

    • SHA1

      33a4d5d7d28c25b3166a5ee1e6e60054622a575c

    • SHA256

      679a0ab66f1ed828eba60cc0f2a7c514eb829b287eeb47dd0b20391cbd0a5a76

    • SHA512

      7bb9062269e886ef2767011004f8147a6fb97f5b3c37477b314328fbb2634b9c1d501f86c64c0e0ed88e03c71bdd11a612a4d1c035bfd86796cad66d46aa6f45

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Loads dropped DLL

    • Adds Run key to start application

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks