ghostlocker | 1364cbf8358f78f83cd39bcbfd21ea8dbff81c4e9d7e28729b816db95b04eefd | Triage

Sharing

General

Target

15701537546.zip
Size

4.5MB
Sample

240307-qzvwaace82
MD5

71e478fe2bd3d32dbe470b57b994ca28
SHA1

02b01f12ef6cb0594f3396dcab0c3c283f3a945c
SHA256

1364cbf8358f78f83cd39bcbfd21ea8dbff81c4e9d7e28729b816db95b04eefd
SHA512

a42694a8cedb4bf97d1a1878f0dda971865e262074973b10a480b12e66f01a3fac949ce01a1c0be0da382a2cc6f4baa09de4f7f6b173c39e87d1494e48a3ff8a
SSDEEP

98304:SerphDgDvStMjBvZoDm96SwBz98R00KDIbYJO3pn0:SerphNt4x96Lb8t8JOZ0

Score

10^/10

ghostlocker discovery ransomware spyware stealer

Malware Config

Extracted

Family

ghostlocker

C2

http://41.216.183.31/addInfection

Targets

- Target
  
  15701537546.zip
- Size
  
  4.5MB
- MD5
  
  71e478fe2bd3d32dbe470b57b994ca28
- SHA1
  
  02b01f12ef6cb0594f3396dcab0c3c283f3a945c
- SHA256
  
  1364cbf8358f78f83cd39bcbfd21ea8dbff81c4e9d7e28729b816db95b04eefd
- SHA512
  
  a42694a8cedb4bf97d1a1878f0dda971865e262074973b10a480b12e66f01a3fac949ce01a1c0be0da382a2cc6f4baa09de4f7f6b173c39e87d1494e48a3ff8a
- SSDEEP
  
  98304:SerphDgDvStMjBvZoDm96SwBz98R00KDIbYJO3pn0:SerphNt4x96Lb8t8JOZ0
Score

1^/10
behavioral1 behavioral2
- Target
  
  7804e09b2ba224bae06bf23ca2a8b8d668d58b828a8d5aadbbb21c3b7e2acfc4
- Size
  
  7.7MB
- MD5
  
  91de74e4426f8c9118495c56d5fa6b2d
- SHA1
  
  4797f529e20ff69179cab3dc21b81fbd3a62d6bd
- SHA256
  
  7804e09b2ba224bae06bf23ca2a8b8d668d58b828a8d5aadbbb21c3b7e2acfc4
- SHA512
  
  eb955bc67efa46a26d37a382dcb931841151f5c55dfa77d2edc6361927a82953e3a86e77042bd6cb02c0a08a5f566e0335d3f09fca3e09927e1a3ead291520ee
- SSDEEP
  
  98304:BTrszeuqmeuxWJEO7OdL3vu6+er0NGBJMV1ZAU6tSOsd:1juqmeuxhAiW6yAJMVd6M/d
Score

9^/10

discovery ransomware spyware stealer
- Renames multiple (51) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Modifies file permissions
  discovery
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File and Directory Permissions Modification

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

discoveryransomwarespywarestealer