locky | 910f3929060ba4b0276b3d588068fffc055408312ac75032e80e5ab35941d784 | Triage

Submit
Reports

Overview

overview

Static

static

3

Camtasia.7z

windows10-2004-x64

Sharing

General

Target

Camtasia.7z
Size

49.3MB
Sample

240221-n4bbbseg9s
MD5

85b2cdba78fcc5e95130da235b68312c
SHA1

5629c3b0a85f1a812398c594bedffaba62184f51
SHA256

910f3929060ba4b0276b3d588068fffc055408312ac75032e80e5ab35941d784
SHA512

7234a0b08c77a3696f1c190ed3e087151cfdb368c0aef12e07d5dc9b055324247742ae11b0468532d75629f573985c0dace48065882074a8f5381046de5ce95e
SSDEEP

1572864:g5KDGC/biDPM6R641AGwCLKGzvhhkken01Q2Kq4:g5WGC/ODPd64jwCLZ7hCJnGQW4

Score

10^/10

locky stealc discovery ransomware spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Camtasia.7z

Resource

win10v2004-20240221-en

locky stealc discovery ransomware spyware stealer

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

stealc

C2

http://147.45.47.72

Attributes

url_path
/eb6f29c6a60b3865.php

Targets

- Target
  
  Camtasia.7z
- Size
  
  49.3MB
- MD5
  
  85b2cdba78fcc5e95130da235b68312c
- SHA1
  
  5629c3b0a85f1a812398c594bedffaba62184f51
- SHA256
  
  910f3929060ba4b0276b3d588068fffc055408312ac75032e80e5ab35941d784
- SHA512
  
  7234a0b08c77a3696f1c190ed3e087151cfdb368c0aef12e07d5dc9b055324247742ae11b0468532d75629f573985c0dace48065882074a8f5381046de5ce95e
- SSDEEP
  
  1572864:g5KDGC/biDPM6R641AGwCLKGzvhhkken01Q2Kq4:g5WGC/ODPd64jwCLZ7hCJnGQW4
Score

10^/10

locky stealc discovery ransomware spyware stealer
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Stealc
  Stealc is an infostealer written in C++.
  stealer stealc
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockystealcdiscoveryransomwarespywarestealer

© 2018-2024

Terms | Privacy