locky | 90a7f7065d8dd058ab7049cd3f0c8788ae8950a8d2366a372571dbb800590674 | Triage

Resubmissions

25-06-2024 11:46

240625-nxaffsxfme 10

25-06-2024 11:35

240625-nqbpyaxcke 10

24-06-2024 09:07

240624-k3smfaxgkq 3

Sharing

General

Target

90a7f7065d8dd058ab7049cd3f0c8788ae8950a8d2366a372571dbb800590674
Size

236KB
Sample

240625-nqbpyaxcke
MD5

2fde1e85e1ead98a8c0e1ca7eda2a243
SHA1

4e195c7dc0d7bd995b81fc481dd300e966481201
SHA256

90a7f7065d8dd058ab7049cd3f0c8788ae8950a8d2366a372571dbb800590674
SHA512

b56a5d33fd6f99d092e5a2b7d332c0632eb4354a1c64cfb66b4a9997e5f6e0fd9d019b775705e89fe94c26b41762e11ede9dda150fc19a857ca9e2cfc05b65b2
SSDEEP

6144:FXtIh3WC7HpTBJNDrSfdH/qiNMxsJSoR:FXtsPpTrhgdHChxsJN

Score

10^/10

locky ransomware

Malware Config

Targets

- Target
  
  90a7f7065d8dd058ab7049cd3f0c8788ae8950a8d2366a372571dbb800590674
- Size
  
  236KB
- MD5
  
  2fde1e85e1ead98a8c0e1ca7eda2a243
- SHA1
  
  4e195c7dc0d7bd995b81fc481dd300e966481201
- SHA256
  
  90a7f7065d8dd058ab7049cd3f0c8788ae8950a8d2366a372571dbb800590674
- SHA512
  
  b56a5d33fd6f99d092e5a2b7d332c0632eb4354a1c64cfb66b4a9997e5f6e0fd9d019b775705e89fe94c26b41762e11ede9dda150fc19a857ca9e2cfc05b65b2
- SSDEEP
  
  6144:FXtIh3WC7HpTBJNDrSfdH/qiNMxsJSoR:FXtsPpTrhgdHChxsJN
Score

10^/10

locky ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lockyransomware

behavioral2

behavioral3

behavioral4