General

  • Target

    client_demo.exe

  • Size

    10.8MB

  • Sample

    230721-kkq1wsch69

  • MD5

    9dfa6f391ccc098025b00eb281797e4d

  • SHA1

    43d61d407480fe89bb6c38e50899ba4e43186ab3

  • SHA256

    2a879d3004b7f21eef468c9adcd280664a9646389e789aa7c2cbac0cf95538b4

  • SHA512

    5c5c60f547d97d46b6e689425f38f69df97c40b737b5ebb6ccd8bc89866b1c5bc0b05b68ab38d0cc60c99723e6ac87376cd0a9acdb3da7535a8696b25f8eec74

  • SSDEEP

    98304:Y5s5qBrcvlcYhVA/lCwguUEIPzMcMnD7vd8rVwfcCLOmDsh:Y5scBrcvunNCjEIPzMcMD7F8hyDsh
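
A practical use of the indicators above is to check whether a file on hand is this sample or a close relative of it. The script below is an added example and not part of the sandbox report: the exact-hash check uses `hashlib`, and the SSDEEP comparison is a from-scratch port of the spamsum/ssdeep scoring (edit distance over the chunk strings, with ssdeep's length normalisation and block-size rules) so it runs without the ssdeep library. It only scores two existing SSDEEP strings; it does not compute one, so the candidate's string has to come from the `ssdeep` tool. The file name `verify_sample.py` and the `verify()` helper are assumptions for the example.

```python
"""Verify a candidate file against the indicators in this report (added example)."""
import hashlib
import sys

# Indicators copied from the report above.
REPORT = {
    "md5": "9dfa6f391ccc098025b00eb281797e4d",
    "sha1": "43d61d407480fe89bb6c38e50899ba4e43186ab3",
    "sha256": "2a879d3004b7f21eef468c9adcd280664a9646389e789aa7c2cbac0cf95538b4",
    "sha512": "5c5c60f547d97d46b6e689425f38f69df97c40b737b5ebb6ccd8bc89866b1c5bc0b05b68ab38d0cc60c99723e6ac87376cd0a9acdb3da7535a8696b25f8eec74",
    "ssdeep": "98304:Y5s5qBrcvlcYhVA/lCwguUEIPzMcMnD7vd8rVwfcCLOmDsh:Y5scBrcvunNCjEIPzMcMD7F8hyDsh",
}

SPAMSUM_LENGTH = 64   # a chunk string is at most 64 characters
MIN_BLOCKSIZE = 3
ROLLING_WINDOW = 7    # minimum common substring before any score is given


def cryptographic_matches(data: bytes) -> dict:
    """Which of the report's exact hashes the given bytes match."""
    return {name: hashlib.new(name, data).hexdigest() == expected
            for name, expected in REPORT.items() if name != "ssdeep"}


def parse_ssdeep(sig: str):
    """'blocksize:chunk1:chunk2' -> (blocksize, chunk1, chunk2).
    chunk2 was computed at twice the block size, which is what lets
    signatures with neighbouring block sizes be compared at all."""
    block_size, chunk1, chunk2 = sig.split(":", 2)
    return int(block_size), chunk1, chunk2


def _squash_runs(s: str) -> str:
    """Drop the 4th and later characters of any run of one character;
    long runs carry little information and would dominate the distance."""
    out = []
    for ch in s:
        if len(out) >= 3 and out[-1] == out[-2] == out[-3] == ch:
            continue
        out.append(ch)
    return "".join(out)


def _edit_distance(a: str, b: str) -> int:
    """Levenshtein with insert=1, delete=1, substitute=2 (ssdeep's costs)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1,
                           prev[j - 1] + (0 if ca == cb else 2)))
        prev = cur
    return prev[-1]


def _score_chunks(a: str, b: str, block_size: int) -> int:
    """Similarity (0..100) of two chunk strings produced at the same block size."""
    if not any(a[i:i + ROLLING_WINDOW] in b for i in range(len(a) - ROLLING_WINDOW + 1)):
        return 0
    score = _edit_distance(a, b)
    score = score * SPAMSUM_LENGTH // (len(a) + len(b))   # normalise by length
    score = 100 * score // SPAMSUM_LENGTH
    if score >= 100:                                      # hopeless match
        return 0
    score = 100 - score
    cap = block_size // MIN_BLOCKSIZE * min(len(a), len(b))  # short strings cannot claim much
    return min(score, cap)


def ssdeep_compare(sig1: str, sig2: str) -> int:
    """Port of ssdeep's fuzzy_compare(): 0 unless block sizes are equal or adjacent."""
    bs1, a1, a2 = parse_ssdeep(sig1)
    bs2, b1, b2 = parse_ssdeep(sig2)
    a1, a2, b1, b2 = map(_squash_runs, (a1, a2, b1, b2))
    if bs1 == bs2:
        if (a1, a2) == (b1, b2):
            return 100
        return max(_score_chunks(a1, b1, bs1), _score_chunks(a2, b2, bs1 * 2))
    if bs1 == bs2 * 2:
        return _score_chunks(a1, b2, bs1)
    if bs2 == bs1 * 2:
        return _score_chunks(a2, b1, bs2)
    return 0


def verify(data: bytes, candidate_ssdeep: str = "") -> dict:
    """Exact-hash verdicts, plus the fuzzy score when a SSDEEP string is supplied."""
    result = cryptographic_matches(data)
    if candidate_ssdeep:
        result["ssdeep_score"] = ssdeep_compare(candidate_ssdeep, REPORT["ssdeep"])
    return result


if __name__ == "__main__":
    # usage: python verify_sample.py <file> [ssdeep-string-of-file]
    with open(sys.argv[1], "rb") as fh:
        print(verify(fh.read(), sys.argv[2] if len(sys.argv) > 2 else ""))
```

An exact match on any of the four digests settles identity; the fuzzy score is the useful one for repacked or re-signed builds, where a score in the high tens with the same 98304 block size points at the same payload while 0 only says the block sizes are too far apart to compare.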

Malware Config

Targets

    • Target

      client_demo.exe

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.
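
The two discovery signatures above describe registry reads rather than anything the sample writes, so the useful thing to know is which keys are involved and what a sandbox leaks through them. The script below is an added example, not code from the report or from the sample: it walks the Uninstall keys for DisplayName values (the "checks installed software" behaviour) and the disk enumeration keys (the "maps connected drives" behaviour), then applies the pure helpers `vm_markers_in()` and `tools_in()`. The hypervisor strings and the analysis-tool names are assumptions drawn from public anti-VM checks, not from this sample; the key paths are the standard Windows locations. The registry walk needs Windows (and an elevated prompt for some of the keys), while the two helpers run anywhere.

```python
"""Reproduce the registry discovery flagged in the report (added example)."""
import sys

try:
    import winreg  # Windows only; the pure helpers below do not need it
except ImportError:
    winreg = None

# Installed-software enumeration: both registry views plus the per-user key.
UNINSTALL_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKLM", r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"),
]

# Drive/disk enumeration keys whose device names carry the hypervisor's vendor string.
DISK_KEYS = [
    ("HKLM", r"SYSTEM\CurrentControlSet\Services\Disk\Enum"),
    ("HKLM", r"HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 0\Target Id 0\Logical Unit Id 0"),
    ("HKLM", r"SYSTEM\MountedDevices"),
]

# Assumed marker lists (common in public anti-VM code, not taken from this sample).
VM_MARKERS = ("VBOX", "VMWARE", "QEMU", "XEN", "MSFT VIRTUAL")
ANALYSIS_TOOLS = ("WIRESHARK", "PROCESS MONITOR", "PROCESS HACKER",
                  "X64DBG", "OLLYDBG", "IDA PRO", "FIDDLER")


def _as_text(data) -> str:
    """Registry data may be str, int or REG_BINARY; MountedDevices stores
    device paths as UTF-16LE inside binary values, so try that decoding too."""
    if isinstance(data, bytes):
        return data.decode("utf-16-le", errors="ignore") + " " + data.decode("latin-1")
    return str(data)


def vm_markers_in(values) -> set:
    """Hypervisor markers found in (name, data) pairs read from the disk keys."""
    found = set()
    for _, data in values:
        text = _as_text(data).upper()
        found.update(m for m in VM_MARKERS if m in text)
    return found


def tools_in(display_names) -> list:
    """Analysis tools present among Uninstall DisplayName values, in first-seen order."""
    hits = []
    for name in display_names:
        upper = name.upper()
        for tool in ANALYSIS_TOOLS:
            if tool in upper and tool not in hits:
                hits.append(tool)
    return hits


def _open(hive: str, path: str):
    root = winreg.HKEY_LOCAL_MACHINE if hive == "HKLM" else winreg.HKEY_CURRENT_USER
    return winreg.OpenKey(root, path)


def read_values(hive: str, path: str) -> list:
    """All (name, data) pairs directly under one key; a missing key yields []."""
    try:
        key = _open(hive, path)
    except OSError:
        return []
    out, i = [], 0
    while True:
        try:
            name, data, _ = winreg.EnumValue(key, i)
        except OSError:
            return out
        out.append((name, data))
        i += 1


def read_display_names(hive: str, path: str) -> list:
    """DisplayName of every subkey, which is what an installed-software walk reads."""
    try:
        key = _open(hive, path)
    except OSError:
        return []
    names, i = [], 0
    while True:
        try:
            sub = winreg.EnumKey(key, i)
        except OSError:
            return names
        i += 1
        try:
            with winreg.OpenKey(key, sub) as subkey:
                names.append(str(winreg.QueryValueEx(subkey, "DisplayName")[0]))
        except OSError:
            continue  # many entries carry no DisplayName


if __name__ == "__main__":
    if winreg is None:
        sys.exit("the registry walk needs Windows; vm_markers_in()/tools_in() run anywhere")
    names = [n for hive, path in UNINSTALL_KEYS for n in read_display_names(hive, path)]
    disk = [v for hive, path in DISK_KEYS for v in read_values(hive, path)]
    print("installed entries:", len(names), "analysis tools:", tools_in(names) or "none")
    print("hypervisor markers in disk keys:", vm_markers_in(disk) or "none")
```

Run on the analysis VM itself, this shows exactly what the sample could learn: a non-empty marker set means the disk identifiers still name the hypervisor and should be masked at the VM configuration level, and a tool hit means the tooling is visible through the Uninstall keys rather than only as a running process.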

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                     Count  ID
  Execution             Scheduled Task/Job            1      T1053
  Persistence           Scheduled Task/Job            1      T1053
  Privilege Escalation  Scheduled Task/Job            1      T1053
  Defense Evasion       Modify Registry               1      T1112
  Discovery             Query Registry                6      T1012
  Discovery             Peripheral Device Discovery   2      T1120
  Discovery             System Information Discovery  4      T1082

Tasks