locky_lukitus | 8b0fde020709800cfb4a848a9e49cf3d594198d0e8ebbb6819a3f7a6b3f2bb8b | Triage

Submit
Reports

Overview

overview

Static

static

3

c29986f0da...18.exe

windows7-x64

c29986f0da...18.exe

windows10-2004-x64

Sharing

General

Target

c29986f0da4fb7c86b44bf91cd84497e_JaffaCakes118
Size

615KB
Sample

240826-j2b3mavgll
MD5

c29986f0da4fb7c86b44bf91cd84497e
SHA1

bdc4ea27f151b20d708ca64b8fe2a112e0432e96
SHA256

8b0fde020709800cfb4a848a9e49cf3d594198d0e8ebbb6819a3f7a6b3f2bb8b
SHA512

98aff6943d31339c134d94fce027364a41ec95996e654ac2904ccd71531ab5f6a8968a0063f4bf15d7338911dfe08d82855a161c40d4ebc34b1dd94a236f2cab
SSDEEP

12288:zBRpTPN4RNTaeJPDOogtBOQiim9TXNau4nRP9EfIYhRG:zVTF9oPqrBCyRafIQR

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c29986f0da4fb7c86b44bf91cd84497e_JaffaCakes118.exe

Resource

win7-20240705-en

locky_lukitus defense_evasion discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

c29986f0da4fb7c86b44bf91cd84497e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

locky_lukitus defense_evasion discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  c29986f0da4fb7c86b44bf91cd84497e_JaffaCakes118
- Size
  
  615KB
- MD5
  
  c29986f0da4fb7c86b44bf91cd84497e
- SHA1
  
  bdc4ea27f151b20d708ca64b8fe2a112e0432e96
- SHA256
  
  8b0fde020709800cfb4a848a9e49cf3d594198d0e8ebbb6819a3f7a6b3f2bb8b
- SHA512
  
  98aff6943d31339c134d94fce027364a41ec95996e654ac2904ccd71531ab5f6a8968a0063f4bf15d7338911dfe08d82855a161c40d4ebc34b1dd94a236f2cab
- SSDEEP
  
  12288:zBRpTPN4RNTaeJPDOogtBOQiim9TXNau4nRP9EfIYhRG:zVTF9oPqrBCyRafIQR
Score

10^/10

locky_lukitus defense_evasion discovery ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

locky_lukitusdefense_evasiondiscoveryransomware

behavioral2

locky_lukitusdefense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy