2024-03-14_708555e98eff9db5bbdd9a072f3e95b4_karagany_locky

Sharing

Copy URL

Twitter E-mail

General

Target

2024-03-14_708555e98eff9db5bbdd9a072f3e95b4_karagany_locky
Size

99KB
MD5

708555e98eff9db5bbdd9a072f3e95b4
SHA1

1203df5d8af16bf77277be6cade5e605a48c08c4
SHA256

c46502de301fafe0200b076ab9ea088ca4abbccff0062b05cad4b363a1f9bfa1
SHA512

2d31c293fb661d241b104ef9b2c25830fdd714fa4250717b5bf0065da6fe043cf94af4fa7fb93a42b767d50798976f0e736a1343d0876e29f7369df8805106f7
SSDEEP

3072:hAZ+tKGBOs0kvuRNpDB9GVYJuQC9rLoIq9Mt14wzB:CgQGksxapN9bJuGIq9MQwzB

Score

10^/10

Malware Config

Signatures

Detects command variations typically used by ransomware 1 IoCs

Processes:

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENRansomware

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2024-03-14_708555e98eff9db5bbdd9a072f3e95b4_karagany_locky

Files

2024-03-14_708555e98eff9db5bbdd9a072f3e95b4_karagany_locky
.exe windows:5 windows x86 arch:x86

db957f89670853ec298503ca40311b42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetLogicalDrives
GetDriveTypeW
GetCurrentThread
LCMapStringW
LoadLibraryW
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
GetTempFileNameW
CreateProcessW
GetModuleHandleA
GetProcAddress
GetVolumeNameForVolumeMountPointA
GetCurrentProcess
GetWindowsDirectoryA
GetLocaleInfoA
GetUserDefaultUILanguage
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CopyFileW
GetTempPathW
SetUnhandledExceptionFilter
SetErrorMode
MulDiv
GetVersionExA
CreateThread
ExitProcess
GetModuleFileNameW
FlushFileBuffers
GetLastError
SetFileTime
GetSystemTimeAsFileTime
SetFilePointer
ReadFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
WriteFile
GetFileSizeEx
CreateFileW
CloseHandle
GetStringTypeW
HeapReAlloc
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

DrawTextW
SystemParametersInfoW
ReleaseDC
FrameRect
FillRect
GetSystemMetrics
GetDC

gdi32

GetObjectA
GetDIBits
SetBkMode
SetTextColor
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
CreateFontA
DeleteObject
GetDeviceCaps
CreateCompatibleDC
DeleteDC

advapi32

CryptDestroyHash
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptHashData
SetTokenInformation
OpenProcessToken
CryptCreateHash
CryptGetHashParam
RegSetValueExW
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptDestroyKey

shell32

SHGetFolderPathW
ShellExecuteW

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetReadFile
InternetConnectA

mpr

WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.htext
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

db957f89670853ec298503ca40311b42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

mpr

netapi32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 8KB

.htext Size: 4KB - Virtual size: 4KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 8KB

.htext
Size: 4KB - Virtual size: 4KB