locky | 47f9ce6bbefff2abe7311f6d02196722c95ae080cfb352aea478600a144204e0 | Triage

Submit
Reports

Overview

overview

Static

static

3

4a2592bc63...18.exe

windows7-x64

4a2592bc63...18.exe

windows10-2004-x64

Sharing

General

Target

4a2592bc635987fa01678a5eff79cdde_JaffaCakes118
Size

392KB
Sample

240516-j3kq6abh82
MD5

4a2592bc635987fa01678a5eff79cdde
SHA1

f7554f1f50e31080f6dd6946fc3755984ab4993e
SHA256

47f9ce6bbefff2abe7311f6d02196722c95ae080cfb352aea478600a144204e0
SHA512

807fbeb38bf285780a1cdb4dee569a077123fbeb28861738f001334171d6d89b7d30e53546f878cd3eff2e8e0763b92ed0331e59397a013150df13860e7e9d52
SSDEEP

12288:7pNnoX9enkmyy1SHZNZlnb/vMR7EFE9bthaxS8g3n:s9enkmbSHZNrbI7EGwxkn

Score

10^/10

locky locky_osiris ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe

Resource

win7-20240221-en

locky locky_osiris ransomware

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

4a2592bc635987fa01678a5eff79cdde_JaffaCakes118.exe

Resource

win10v2004-20240426-en

locky locky_osiris ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a2592bc635987fa01678a5eff79cdde_JaffaCakes118
- Size
  
  392KB
- MD5
  
  4a2592bc635987fa01678a5eff79cdde
- SHA1
  
  f7554f1f50e31080f6dd6946fc3755984ab4993e
- SHA256
  
  47f9ce6bbefff2abe7311f6d02196722c95ae080cfb352aea478600a144204e0
- SHA512
  
  807fbeb38bf285780a1cdb4dee569a077123fbeb28861738f001334171d6d89b7d30e53546f878cd3eff2e8e0763b92ed0331e59397a013150df13860e7e9d52
- SSDEEP
  
  12288:7pNnoX9enkmyy1SHZNZlnb/vMR7EFE9bthaxS8g3n:s9enkmbSHZNrbI7EGwxkn
Score

10^/10

locky locky_osiris ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Deletes itself
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockylocky_osirisransomware

behavioral2

lockylocky_osirisransomware

© 2018-2024

Terms | Privacy