Overview

overview

10

Static

static

Prepros-Se....0.exe

windows7-x64

10

Prepros-Se....0.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Prepros-Setup-7.6.0.exe

  • Size

    226.8MB

  • Sample

    230109-s7v75aeg36

  • MD5

    3a734395c8d70263eb3b41d3eda9ee7d

  • SHA1

    26644f9adbdd330eeb9f07379bd2f3fc67fa737a

  • SHA256

    8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4

  • SHA512

    1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6

  • SSDEEP

    6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq

Score
10/10
lockydiscoveryransomware

Malware Config

Targets

    • Target

      Prepros-Setup-7.6.0.exe

    • Size

      226.8MB

    • MD5

      3a734395c8d70263eb3b41d3eda9ee7d

    • SHA1

      26644f9adbdd330eeb9f07379bd2f3fc67fa737a

    • SHA256

      8ce4bcc720ffd2608264756a8dc39794ebdfef5e65a9513d02d290f9cbe8c3f4

    • SHA512

      1e82cd06f5960049f99d3ea7a026f52c955f36de73d5996f62614eea577770b42c73d2b606454cc8d6a20664ec23d8e7be0e6bc2ef4d16a6c35784c920d0fda6

    • SSDEEP

      6291456:REqeKBbSB1OF3XLM5c8nfK10uPgq7mULvhOs93YbLr2FPo:REOBmB1OJY5LfK10jamM5Os93Pq

    Score
    10/10
    lockydiscoveryransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks