ghostlocker | 4b82bcc964820d3ddbb105e1ef5eb85a2d1902ffa0381c4bffa251069adbc10e | Triage

Sharing

General

Target

15701147767.zip
Size

4.1MB
Sample

240307-jz8zksgd8t
MD5

40565dffe6fd906713104947a8ef2f12
SHA1

42837fbf889c27a8f8297c7d8959d800bb63f0da
SHA256

4b82bcc964820d3ddbb105e1ef5eb85a2d1902ffa0381c4bffa251069adbc10e
SHA512

11795a07fea412024c551a02a46513ebe6722980e56c5aa914b90ce813388d451c814244aea857d10c6b82324aa4a7ca1ae7ac2969f0dc78c15aff90559ea7bb
SSDEEP

98304:ZQz0GhBK1SUUHQ/C8wNDf+gk/bxiwMNcWeTq7haE5FNjjuCWrPRD:Z0lBKpUwGNi/iwhWz4E5FNjju5RD

Score

10^/10

ghostlocker

Malware Config

Extracted

Family

ghostlocker

C2

http://41.216.183.31/incrementLaunch

http://41.216.183.31/addInfection

Targets

- Target
  
  37214b37345bfbeeacf7b83ecb4e1ce0044acc2066d14e7ef9a87fd56a3b5975
- Size
  
  7.0MB
- MD5
  
  c6208c4b168c2f8c433d6473e8ce3fb5
- SHA1
  
  f9887e0cb144b3c68ff77017c6fef55f1da38b64
- SHA256
  
  37214b37345bfbeeacf7b83ecb4e1ce0044acc2066d14e7ef9a87fd56a3b5975
- SHA512
  
  7c17b71806497e5722b79ddd11e4ffe3fba57611121e19a2acfb06b65d0e4b55a2842e031a286eecbbbeb99ec6d196d27c2e49359a207a92884a31017dce3d12
- SSDEEP
  
  98304:i4nOqpxV0AFE9iE/kxjSuqC82WpUlCnrwqJlmvq:bpxV0D9S56j2SYorwq7eq
Score

7^/10
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2