Overview

overview

10

Static

static

3

371d9ae01a...18.exe

windows7-x64

10

371d9ae01a...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118

  • Size

    518KB

  • Sample

    240511-3h4s3sea9z

  • MD5

    371d9ae01acc0e04fa5c8deb2955b94c

  • SHA1

    45cc3b5091472fb10a55536efb9be38cd7d52eee

  • SHA256

    7ebd9695846026c58253f7510050a65f35addec806ba5077efe4968643bdd965

  • SHA512

    0b05afdd7c97c0e8d56df09bf37a45f805d3320594e3bb7ce896f7df5a0f898e7b9794c40c1cd442aea495ab52c8736c577b1c23dc400ca15045468ab69c113b

  • SSDEEP

    12288:hVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:hVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

Score
10/10
locky_lukituspersistenceransomware

Malware Config

Targets

    • Target

      371d9ae01acc0e04fa5c8deb2955b94c_JaffaCakes118

    • Size

      518KB

    • MD5

      371d9ae01acc0e04fa5c8deb2955b94c

    • SHA1

      45cc3b5091472fb10a55536efb9be38cd7d52eee

    • SHA256

      7ebd9695846026c58253f7510050a65f35addec806ba5077efe4968643bdd965

    • SHA512

      0b05afdd7c97c0e8d56df09bf37a45f805d3320594e3bb7ce896f7df5a0f898e7b9794c40c1cd442aea495ab52c8736c577b1c23dc400ca15045468ab69c113b

    • SSDEEP

      12288:hVRm47ugq9QLXzNWVn4Fkl6BQ2yLhxPtIS4GudgBXllbXtdj:hVzzzjNO4FkUQ2yL7PtIdGudqlb9dj

    Score
    10/10
    locky_lukituspersistenceransomware

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

      ransomwarelocky_lukitus

    • Deletes itself

    • Adds Run key to start application

      persistence

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

System Information Discovery

2
T1082

Query Registry

1
T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks