locky | de319e8bbd09e72378baf00e2b6e664f1c75ca21f2a0e24782ec543857d23e23 | Triage

Submit
Reports

Overview

overview

Static

static

3

Mars Steal....1.exe

windows10-2004-x64

Sharing

General

Target

Mars Stealer v6.1.rar
Size

7.3MB
Sample

230712-cdwc2acf5x
MD5

022edc2b90426455d459ab3904c978b2
SHA1

469de313638476141692ab81b6758698144ed3f9
SHA256

de319e8bbd09e72378baf00e2b6e664f1c75ca21f2a0e24782ec543857d23e23
SHA512

0bf8ca2e76ebd315a48a5674a70781e2f2ddd923004f88cfbeb1706cfac302639d8a9323c9135d987df4caf74ff7ef2614b35815fc4dbe618b648c5ed8aa7532
SSDEEP

196608:pdZH5HkgcOAq8Lx6QvamzAw8faGQOt1knuEIjS:PZHOzOAq8LxgrLnknjIm

Score

10^/10

locky ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Mars Stealer v6.1/Mars Stealer v6.1.exe

Resource

win10v2004-20230703-en

locky ransomware

windows10-2004-x64

9 signatures

1800 seconds

Malware Config

Targets

- Target
  
  Mars Stealer v6.1/Mars Stealer v6.1.exe
- Size
  
  7.2MB
- MD5
  
  660276953e84a66a74df9e7fd292c037
- SHA1
  
  9c96a70d650233c50421e6ac3fd20a9bec512293
- SHA256
  
  f14bf6c7f21d651a0bf86dea3fae7d497d4e16cf3ab6028a5af5575d18cc63a8
- SHA512
  
  57ca2dfa304d35182563deb64a959a070cb9cad60232e097fb09bbd872c0fa276a9b2cbd5462fbd7c724d445b5901f24bb1bd0aff417e9783164734f207522be
- SSDEEP
  
  98304:JIq7rpAh1qNm9r4QupZVzx6lIknS/QtA2yXJ3/fT/eegBnS9EYg1dzs7opI3:JIeeOCr4PpZVzx60IwVfj9gB4EYMRsr
Score

10^/10

locky ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lockyransomware

© 2018-2024

Terms | Privacy