locky | 21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6 | Triage

Submit
Reports

Overview

overview

Static

static

21a0201874...b6.exe

windows10-2004_x64

Sharing

General

Target

21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.bin
Size

372KB
Sample

220708-nsh7ssebf6
MD5

e3b3e285390c0e2f7d04bd040bec790d
SHA1

dbee71535e9f1fb23b3f01e25989d22d51237e68
SHA256

21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6
SHA512

6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be

Score

10^/10

locky locky_osiris persistence ransomware

Static task

static1

Behavioral task

behavioral1

Sample

21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.exe

Resource

win10v2004-20220414-en

locky locky_osiris persistence ransomware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6.bin
- Size
  
  372KB
- MD5
  
  e3b3e285390c0e2f7d04bd040bec790d
- SHA1
  
  dbee71535e9f1fb23b3f01e25989d22d51237e68
- SHA256
  
  21a0201874af80436dc0a36e5cbaf7da9b75217b3e39b712f3850729cf47deb6
- SHA512
  
  6156a6b0ff4f41c823cba68a4596676e357ceb5b8c0848c2828a72321dbc2a731d9ae8f1a417fe27aef7de0080001ad3f77b3809b64a93c610ae99f95b35f5be
Score

10^/10

locky locky_osiris persistence ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirispersistenceransomware

© 2018-2024

Terms | Privacy