locky | 83e8b72b3f30b2f74ddc49f2e7e510a1b6e2df2d25f2b12b359094858a4562e8 | Triage

Submit
Reports

Overview

overview

Static

static

3

2e1c9df867...18.exe

windows7-x64

2e1c9df867...18.exe

windows10-2004-x64

Sharing

General

Target

2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118
Size

371KB
Sample

240510-jsl68seh67
MD5

2e1c9df86798281f7bd72a4ec576c89a
SHA1

63ed5d5ebc6cfeabc4159cd151494101708dd154
SHA256

83e8b72b3f30b2f74ddc49f2e7e510a1b6e2df2d25f2b12b359094858a4562e8
SHA512

46f30ab59a5e079975beb7199d68b9f283a052f28ebb9bd0b1c03961437c0bfdf6050f157faa252968875e234080535f7261b96f7c8b0d622d1b58ea1ab754ca
SSDEEP

6144:QgS/jqoVV6VCxkY4THjzgcwzI3eJv/2dg/c1NfR4aAfmKjjjjjjjjjjjj72+ai/:Qz/jhVV6VekY4DYz6svOWk1NfirfjjjP

Score

10^/10

locky locky_osiris ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe

Resource

win7-20240508-en

locky locky_osiris ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118.exe

Resource

win10v2004-20240508-en

locky locky_osiris ransomware

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  2e1c9df86798281f7bd72a4ec576c89a_JaffaCakes118
- Size
  
  371KB
- MD5
  
  2e1c9df86798281f7bd72a4ec576c89a
- SHA1
  
  63ed5d5ebc6cfeabc4159cd151494101708dd154
- SHA256
  
  83e8b72b3f30b2f74ddc49f2e7e510a1b6e2df2d25f2b12b359094858a4562e8
- SHA512
  
  46f30ab59a5e079975beb7199d68b9f283a052f28ebb9bd0b1c03961437c0bfdf6050f157faa252968875e234080535f7261b96f7c8b0d622d1b58ea1ab754ca
- SSDEEP
  
  6144:QgS/jqoVV6VCxkY4THjzgcwzI3eJv/2dg/c1NfR4aAfmKjjjjjjjjjjjj72+ai/:Qz/jhVV6VekY4DYz6svOWk1NfirfjjjP
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy