General
-
Target
9675bb645ada0015148b73b1675fc121_JaffaCakes118
-
Size
2KB
-
Sample
240604-2expxsdf3v
-
MD5
9675bb645ada0015148b73b1675fc121
-
SHA1
1c96794b1188098e07b91d5218fe464fd7846f2d
-
SHA256
a4e8246d76e633581c23a5817ed2c4fe97f028b67f16c4ebc9e6357c3e52b2f2
-
SHA512
4210f3d2d6d83e9e21dd87e17bdf05898216a694d8d8b42d29f30099909bf1320c20712006ed161bae9a06602063498148f05760359d334fe7744df15ab226a7
Malware Config
Targets
-
-
Target
EML246970139981.vbs
-
Size
10KB
-
MD5
fb02e84625878e362aae3fd352fc19eb
-
SHA1
20301d9a3c22269e328170384b105041feae19d0
-
SHA256
f7168df8b023f2f40e865f8309367c97d7b48d4d9a7cab408af377ed7e4d42a2
-
SHA512
c4fae6bc5a991449a6c664e0afa91f6a426ab3e7c8440330ca0c86c1bd1534e48361412be6861ebcb2fe060eb68735a9642664ce9284c4c740d83042903a1669
-
SSDEEP
192:5taGo3X3QHE4pG6/IGx/GGPGQGqGuG7o+e5hlQrEuLMd5ybyEgdh:5I3HQKdeXlQrEuLMdUeh
Score10/10-
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
-
Deletes shadow copies
Ransomware often targets backup files to inhibit system recovery.
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Sets desktop wallpaper using registry
-