General

  • Target

    d7439836f8d815eb5d6ad8e7fc735ba194f029711883bebc225f70e0ce0ae2eb

  • Size

    186KB

  • Sample

    220628-wy6t2sbdgr

  • MD5

    264f16260d200d0501cf83220ed9a30a

  • SHA1

    e180fb8857825be29e05bdb73cb8a1ac13a67d12

  • SHA256

    d7439836f8d815eb5d6ad8e7fc735ba194f029711883bebc225f70e0ce0ae2eb

  • SHA512

    a37c957437252a6765739371048e86da369ee7177a4f495ef86813e58b05d5dbba2327552740fabae69e8fbe6d45149483c9b1cfcb87761b92697629a3047091

Score
10/10

Malware Config

Targets

    • Target

      d7439836f8d815eb5d6ad8e7fc735ba194f029711883bebc225f70e0ce0ae2eb

    • Size

      186KB

    • MD5

      264f16260d200d0501cf83220ed9a30a

    • SHA1

      e180fb8857825be29e05bdb73cb8a1ac13a67d12

    • SHA256

      d7439836f8d815eb5d6ad8e7fc735ba194f029711883bebc225f70e0ce0ae2eb

    • SHA512

      a37c957437252a6765739371048e86da369ee7177a4f495ef86813e58b05d5dbba2327552740fabae69e8fbe6d45149483c9b1cfcb87761b92697629a3047091

    Score
    10/10
    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

    • Deletes itself

    • Loads dropped DLL

    • Sets desktop wallpaper using registry

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks