General
- Target: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537
- Size: 249KB
- Sample: 220628-wzkcfadbg7
- MD5: 1cc0cca4d5d49aba352f4cc93aed3f6f
- SHA1: e7db8694074d1a2c7ac097eff4c085debe389d73
- SHA256: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537
- SHA512: fa127310e53e2bb80f6ea27574e2a28eddd180df0ce00fe49d53f4ba508550f5100943a4db8ac1a786468acada99fe0b1476b73417d8fa4d0349eb62a390a29e
Static task
- static1

Behavioral task
- behavioral1
  - Sample: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537.exe
  - Resource: win7-20220414-en

Behavioral task
- behavioral2
  - Sample: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537.exe
  - Resource: win10v2004-20220414-en
Malware Config

Targets
- Target: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537
- Size: 249KB
- MD5: 1cc0cca4d5d49aba352f4cc93aed3f6f
- SHA1: e7db8694074d1a2c7ac097eff4c085debe389d73
- SHA256: 0d80447ad564ffd0c40cc71213787f823de1b058dc1aa856aa67f438dd51d537
- SHA512: fa127310e53e2bb80f6ea27574e2a28eddd180df0ce00fe49d53f4ba508550f5100943a4db8ac1a786468acada99fe0b1476b73417d8fa4d0349eb62a390a29e
- suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
- Downloads MZ/PE file
- Executes dropped EXE
- Modifies Installed Components in the registry
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Registers COM server for autorun
- Sets file execution options in registry
- Deletes itself
- Loads dropped DLL
- Adds Run key to start application
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of SetThreadContext