2024-05-24_3442e5aa1f9dd9e2495c74314b23a8d8_karagany_locky

Sharing

Copy URL Twitter E-mail

General

Target

2024-05-24_3442e5aa1f9dd9e2495c74314b23a8d8_karagany_locky
Size

95KB
MD5

3442e5aa1f9dd9e2495c74314b23a8d8
SHA1

567cf86893d9740e8a3087b2804897f4abae2be9
SHA256

59123af677ea965b893d4b53d09df530354499e4f3a61c3a352abcb7d54e1954
SHA512

27bcd588144ba6b5ca477803b83477b548fb6e2c6c5d0a932381ebf8309ecbf72da164abd987257f0544095ab7a3ff4ea7cdcb2d61b2c72c9a5eeefa92e7d487
SSDEEP

1536:UAZEfUiWvGBOsYlKvufsUNpDB9GVyhJuNQsCv3az98RLoi+6RqD5Mtr+Hwzf:UAZ+tKGBOsYkvuRNpDB9GVYJuQC92LoY

Score

10^/10

Malware Config

Signatures

Detects command variations typically used by ransomware 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_GENRansomware

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-05-24_3442e5aa1f9dd9e2495c74314b23a8d8_karagany_locky

Files

2024-05-24_3442e5aa1f9dd9e2495c74314b23a8d8_karagany_locky
.exe windows:5 windows x86 arch:x86

db957f89670853ec298503ca40311b42

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
GetLogicalDrives
GetDriveTypeW
GetCurrentThread
LCMapStringW
LoadLibraryW
Sleep
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemTime
GetTempFileNameW
CreateProcessW
GetModuleHandleA
GetProcAddress
GetVolumeNameForVolumeMountPointA
GetCurrentProcess
GetWindowsDirectoryA
GetLocaleInfoA
GetUserDefaultUILanguage
FindClose
FindFirstFileW
MultiByteToWideChar
WideCharToMultiByte
WaitForSingleObject
CopyFileW
GetTempPathW
SetUnhandledExceptionFilter
SetErrorMode
MulDiv
GetVersionExA
CreateThread
ExitProcess
GetModuleFileNameW
FlushFileBuffers
GetLastError
SetFileTime
GetSystemTimeAsFileTime
SetFilePointer
ReadFile
SetFileAttributesW
GetFileAttributesExW
DeleteFileW
MoveFileExW
WriteFile
GetFileSizeEx
CreateFileW
CloseHandle
GetStringTypeW
HeapReAlloc
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
HeapCreate
GetStdHandle
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetCommandLineA
HeapSetInformation
GetStartupInfoW
RaiseException
IsProcessorFeaturePresent
HeapSize
GetModuleHandleW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage

user32

DrawTextW
SystemParametersInfoW
ReleaseDC
FrameRect
FillRect
GetSystemMetrics
GetDC

gdi32

GetObjectA
GetDIBits
SetBkMode
SetTextColor
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
CreateFontA
DeleteObject
GetDeviceCaps
CreateCompatibleDC
DeleteDC

advapi32

CryptDestroyHash
AccessCheck
MapGenericMask
DuplicateToken
OpenThreadToken
GetFileSecurityW
CryptHashData
SetTokenInformation
OpenProcessToken
CryptCreateHash
CryptGetHashParam
RegSetValueExW
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptDestroyKey

shell32

SHGetFolderPathW
ShellExecuteW

wininet

InternetOpenA
InternetCloseHandle
InternetSetOptionA
HttpOpenRequestA
InternetQueryOptionA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpSendRequestA
HttpQueryInfoA
InternetCrackUrlA
InternetReadFile
InternetConnectA

mpr

WNetEnumResourceW
WNetCloseEnum
WNetAddConnection2W
WNetOpenEnumW

netapi32

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db957f89670853ec298503ca40311b42

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

wininet

mpr

netapi32

Sections

.text Size: 58KB - Virtual size: 58KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 3KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 58KB - Virtual size: 58KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 8KB