General
-
Target
WinLocker.exe.exe
-
Size
1.7MB
-
Sample
240615-z6rlwayelm
-
MD5
1a013642c60039f6216d7f3906cacd00
-
SHA1
f43ed075850c4fb8e11e9c22ba05f3a8fe30cd7f
-
SHA256
4b168048b2b5ab19a73de1c6a3a970db65a3867f255f594be5373bfd7d1a5d93
-
SHA512
d9d2a3d46fec945400f7eec1f8f08632868829afaf417b3ad3e78e1ebb1e2601d9d68f96b75110fc0c788546da34d9e3bcb845d351796db99b96a8f51fb461ca
-
SSDEEP
49152:1gWzFQAwEI2iMaPhsnplri54blFp8SM6JYPTqs72cz2:mWOAfIiae2mblFpdjYPD72P
Malware Config
Targets
-
-
Target
WinLocker.exe.exe
-
Size
1.7MB
-
MD5
1a013642c60039f6216d7f3906cacd00
-
SHA1
f43ed075850c4fb8e11e9c22ba05f3a8fe30cd7f
-
SHA256
4b168048b2b5ab19a73de1c6a3a970db65a3867f255f594be5373bfd7d1a5d93
-
SHA512
d9d2a3d46fec945400f7eec1f8f08632868829afaf417b3ad3e78e1ebb1e2601d9d68f96b75110fc0c788546da34d9e3bcb845d351796db99b96a8f51fb461ca
-
SSDEEP
49152:1gWzFQAwEI2iMaPhsnplri54blFp8SM6JYPTqs72cz2:mWOAfIiae2mblFpdjYPD72P
-
Identifies hardware specifics through system_profiler
-
Path Permission
Adversaries may modify directory permissions/attributes to evade access control lists (ACLs) and access protected files.
-
Gatekeeper Bypass
Adversaries may modify file attributes and subvert Gatekeeper functionality to evade user prompts and execute untrusted programs. Gatekeeper is a set of technologies that act as layer of Apples security model to ensure only trusted applications are executed on a host.
-
File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer) may leave traces to indicate to what was done within a network and how. Removal of these files can occur.
-