locky_lukitus | 3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca | Triage

Submit
Reports

Overview

overview

Static

static

3d65377193...ca.exe

windows7_x64

3d65377193...ca.exe

windows10-2004_x64

Sharing

General

Target

3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca
Size

606KB
Sample

220703-drkdcsdbej
MD5

91a61e3be9cc7251972f6ee8d4836cb4
SHA1

f78c091a623c605e74511dd80d1a48376c2c4145
SHA256

3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca
SHA512

aa773715d5333b7fc20517e8449f5fd4d54781d6d175ce7d0fbaea9b862ac6aeca8835254a37c8edccaf584d3b56d15a79d20fe296f885d2c1c300cd5487da60

Score

10^/10

locky_lukitus persistence ransomware suricata

Static task

static1

Behavioral task

behavioral1

Sample

3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca.exe

Resource

win10v2004-20220414-en

locky_lukitus persistence ransomware suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca
- Size
  
  606KB
- MD5
  
  91a61e3be9cc7251972f6ee8d4836cb4
- SHA1
  
  f78c091a623c605e74511dd80d1a48376c2c4145
- SHA256
  
  3d653771933422f9a081ea122865da76edde83cdeb41b8b8e377833e75e21aca
- SHA512
  
  aa773715d5333b7fc20517e8449f5fd4d54781d6d175ce7d0fbaea9b862ac6aeca8835254a37c8edccaf584d3b56d15a79d20fe296f885d2c1c300cd5487da60
Score

10^/10

suricata locky_lukitus persistence ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- suricata: ET MALWARE Locky CnC Checkin
  suricata: ET MALWARE Locky CnC Checkin
  suricata
- suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
  suricata: ET MALWARE Locky CnC Checkin HTTP Pattern
  suricata
- suricata: ET MALWARE Locky CnC checkin Nov 21
  suricata: ET MALWARE Locky CnC checkin Nov 21
  suricata
- suricata: ET MALWARE Locky CnC checkin Nov 21 M2
  suricata: ET MALWARE Locky CnC checkin Nov 21 M2
  suricata
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

behavioral2

locky_lukituspersistenceransomwaresuricata

© 2018-2025

Terms | Privacy