locky | acd6287f7fa2e10f6cd00f8fc8e9d8aa6553b2e95186c3190958f5ef40259f66 | Triage

Submit
Reports

Overview

overview

Static

static

3

b65b194c6c...51.exe

windows7-x64

b65b194c6c...51.exe

windows10-2004-x64

Sharing

General

Target

b65b194c6cc134d56ba3acdcc7bd3051
Size

328KB
Sample

240306-dn32asba37
MD5

b65b194c6cc134d56ba3acdcc7bd3051
SHA1

98c7e593d956776addd16d0d3f4647d5d69e8fcc
SHA256

acd6287f7fa2e10f6cd00f8fc8e9d8aa6553b2e95186c3190958f5ef40259f66
SHA512

a076f13f9b9c07bbf34ea9105d63ae24c2996f1b4cb77f58c3b080e333cb4f19bcbf75d1f3bafe34ee85defed00be41fd22c7af859ca3473d96e3764da202339
SSDEEP

6144:WLTEviCT+6HQEs6fwpOqb+kO506PqR0zhIx8mN8e9X5Zlev:diCT+gzGn+tqieNfJS

Score

10^/10

locky locky_osiris ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

b65b194c6cc134d56ba3acdcc7bd3051.exe

Resource

win7-20240221-en

locky locky_osiris ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

b65b194c6cc134d56ba3acdcc7bd3051.exe

Resource

win10v2004-20240226-en

locky locky_osiris ransomware

windows10-2004-x64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  b65b194c6cc134d56ba3acdcc7bd3051
- Size
  
  328KB
- MD5
  
  b65b194c6cc134d56ba3acdcc7bd3051
- SHA1
  
  98c7e593d956776addd16d0d3f4647d5d69e8fcc
- SHA256
  
  acd6287f7fa2e10f6cd00f8fc8e9d8aa6553b2e95186c3190958f5ef40259f66
- SHA512
  
  a076f13f9b9c07bbf34ea9105d63ae24c2996f1b4cb77f58c3b080e333cb4f19bcbf75d1f3bafe34ee85defed00be41fd22c7af859ca3473d96e3764da202339
- SSDEEP
  
  6144:WLTEviCT+6HQEs6fwpOqb+kO506PqR0zhIx8mN8e9X5Zlev:diCT+gzGn+tqieNfJS
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy