Overview

overview

10

Static

static

1

EML744615923893.vbs

windows7-x64

10

EML744615923893.vbs

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f2f266c04156cd61ba06730be554b48_JaffaCakes118

  • Size

    2KB

  • Sample

    240507-c8mpdaef91

  • MD5

    1f2f266c04156cd61ba06730be554b48

  • SHA1

    8a4cd6419a93b8ec531e3f79cac51a4fcfc8ffa7

  • SHA256

    7edfbf928f12a306ff2a9b2b3c0818e3bd16a6cd7dd380b070099b36a7c7c877

  • SHA512

    408e826e15f26d25e0f50ddda8348e7381a6051af84c1119095df5d0596b031f0e0ade0b2a57ed457162ba72fc6bffe57a436f9f6ca33055f819cd557d9a2c81

Score
10/10
lockydefense_evasionexecutionimpactransomware

Malware Config

Targets

    • Target

      EML744615923893.vbs

    • Size

      10KB

    • MD5

      58d6ae6949d1a8b7659bf5f3f86e40ae

    • SHA1

      41215d31bce54d4815b0bbaa0abdfec438f18cbf

    • SHA256

      46a3a49f55ad20fcb3047ac7aa8f18c5db46af543a4d7f46c3138556f2a57b9c

    • SHA512

      16abda33c33d9171aa78e50cad7b028ba01ba47306511bd9b2340f10daccecab92127c4710e435eaded435aa73d82c9af07aff755a3897c8c1f44f01b0c1a4b2

    • SSDEEP

      192:yMHGK+P1oQQ+E4pG6/IGx/GGPGQGqGuG93ZP3VIBdbtLMddj6p4Ocg4h:y115QppPFIBdbtLMd17h

    Score
    10/10
    lockydefense_evasionexecutionimpactransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

2
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Inhibit System Recovery

2
T1490

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks