locky | 59e95c1c9dffd0f2b5a5b8a05b7e0f63d2d1582a582b0d11a399b0ca98816f83 | Triage

Sharing

General

Target

81ad0943b90b4dedbb6fd76278055c84
Size

1.7MB
Sample

231226-wcyxbadah7
MD5

81ad0943b90b4dedbb6fd76278055c84
SHA1

4ba545ae626fcaba16ad4cbd8a0c2417c2b8db6f
SHA256

59e95c1c9dffd0f2b5a5b8a05b7e0f63d2d1582a582b0d11a399b0ca98816f83
SHA512

cacba5f3443da58c02e3cc39ac7a9c18699dc9ad5c0c51b547a5bdcd0a29552acbd5f5ead821d5d9fa2651cc4a38eb442f2dded06bf3217d1bddd682171a2703
SSDEEP

24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaWh/BRg+Z7UDf0cGbiKdT/ZhGdx3rTERdjrb6:kh+ZkldoPK8YaWh/Ybr0j+KdThQbkzu

Score

10^/10

locky ransomware

Malware Config

Targets

- Target
  
  81ad0943b90b4dedbb6fd76278055c84
- Size
  
  1.7MB
- MD5
  
  81ad0943b90b4dedbb6fd76278055c84
- SHA1
  
  4ba545ae626fcaba16ad4cbd8a0c2417c2b8db6f
- SHA256
  
  59e95c1c9dffd0f2b5a5b8a05b7e0f63d2d1582a582b0d11a399b0ca98816f83
- SHA512
  
  cacba5f3443da58c02e3cc39ac7a9c18699dc9ad5c0c51b547a5bdcd0a29552acbd5f5ead821d5d9fa2651cc4a38eb442f2dded06bf3217d1bddd682171a2703
- SSDEEP
  
  24576:1AHnh+eWsN3skA4RV1Hom2KXMmHaWh/BRg+Z7UDf0cGbiKdT/ZhGdx3rTERdjrb6:kh+ZkldoPK8YaWh/Ybr0j+KdThQbkzu
Score

10^/10

locky ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockyransomware

behavioral2