locky | 086583686b2d70ff5a67cdd5c60de6770ca6cc1890f0ebe3df63173e32530477 | Triage

Sharing

General

Target

086583686b2d70ff5a67cdd5c60de6770ca6cc1890f0ebe3df63173e32530477
Size

266KB
Sample

240826-w79x3ayfjc
MD5

7ba2069377ad9b4075b36d4d5e24fbbd
SHA1

3b1ca9dfca0d50d63dde78390dc21f0c8ec4a38a
SHA256

086583686b2d70ff5a67cdd5c60de6770ca6cc1890f0ebe3df63173e32530477
SHA512

9c2c3e89d3afa5808593e1b7a725e9b9ff73d9f68e535f8d4494f37dd8bb574d52c3dd0e870a01f340dd34f355bb96bf131ef1fd853537aa1948c48c719ce21c
SSDEEP

6144:MpkXGB8gKrBlJsYmOqWhCeGxFqOdUcQt/g/iND9lK98YMuvzSvW:p1d5ZKhx9UcW/7NDTFYvvzSvW

Score

10^/10

locky defense_evasion discovery execution ransomware

Malware Config

Targets

- Target
  
  086583686b2d70ff5a67cdd5c60de6770ca6cc1890f0ebe3df63173e32530477
- Size
  
  266KB
- MD5
  
  7ba2069377ad9b4075b36d4d5e24fbbd
- SHA1
  
  3b1ca9dfca0d50d63dde78390dc21f0c8ec4a38a
- SHA256
  
  086583686b2d70ff5a67cdd5c60de6770ca6cc1890f0ebe3df63173e32530477
- SHA512
  
  9c2c3e89d3afa5808593e1b7a725e9b9ff73d9f68e535f8d4494f37dd8bb574d52c3dd0e870a01f340dd34f355bb96bf131ef1fd853537aa1948c48c719ce21c
- SSDEEP
  
  6144:MpkXGB8gKrBlJsYmOqWhCeGxFqOdUcQt/g/iND9lK98YMuvzSvW:p1d5ZKhx9UcW/7NDTFYvvzSvW
Score

10^/10

locky defense_evasion discovery ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Deletes itself
- Loads dropped DLL
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  0d45588070cf728359055f776af16ec4
- SHA1
  
  c4375ceb2883dee74632e81addbfa4e8b0c6d84a
- SHA256
  
  067c77d51df034b4a614f83803140fbf4cd2f8684b88ea8c8acdf163edad085a
- SHA512
  
  751ebf4c43f100b41f799d0fbf8db118ea8751df029c1f4c4b0daeb0fef200ddf2e41c1c9c55c2dc94f2c841cf6acb7df355e98a2e5877a7797f0f1d41a7e415
- SSDEEP
  
  192:ob8cSzvTyl4tgi8pPjQM0PuAg0YNyhIFtSP:mBSzm+t18pZ0WAg0RhIFg
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  RollOver.js
- Size
  
  6KB
- MD5
  
  d540fc252cab1156a4085f511467672a
- SHA1
  
  85a579e3a730308f005e2147fffbc6f1b8752fed
- SHA256
  
  c072efd67a202c910a30a01e5396028d91021bdad1ccf2afe0670ca1872df693
- SHA512
  
  df1cc66723ec64e8e16bdda79622c9470af1f01af9fe0c02e6829a4a76e4cd6705b45098d8421c37d868983e273e0adc09f27f1da2cf817d8fdc5da8c3d071ab
- SSDEEP
  
  96:0GWocfMaRFL1ttKf5YGYrV9cZqj4dZKU4JxnMdONwsx6DWMeGdC74rrTRevvyK:4ooMaRteSV9cwkajKdC74LReXyK
Score

3^/10

execution
behavioral7 behavioral8
- Target
  
  caption.js
- Size
  
  491B
- MD5
  
  27e0e11b572de3bc44be960d25d65570
- SHA1
  
  9c431113357e1a7147388978bde9b70a3ff6114a
- SHA256
  
  20f7c83ab9dfdc1e88f4c3fafc0712492200ab738fb30660526bad9dcb7282dc
- SHA512
  
  d6d9add504073be4d6fbafad3ecf0f5c54561d0a2a1496759709cdb353607b4e8f08ad6e885fd6b8872592cd3558c70269d2ded710b02bcde9a5ba4e51d14ef2
Score

3^/10

execution
behavioral10 behavioral9
- Target
  
  gestaltungsbeispiele.html
- Size
  
  2KB
- MD5
  
  f1c2b7b7b90de9d73672db4fffecd1f1
- SHA1
  
  04ef4207e0dff63d1ac2b02f701a53f6b098b5ac
- SHA256
  
  166e7db0bbf982ab239fc1ec9a147515d71d1d446d684223767c5b494c8b05d7
- SHA512
  
  81bcf68d8234b1f73aeed52548340f53c1d3db14554084ba7ac96f9e481ff5f7871be2fcc3e761672fd53f1f3898c637f63cbebb2034d81dccc4f86c55977db3
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  uninst.exe
- Size
  
  88KB
- MD5
  
  dd37451855b1c957651e3d61375d6fee
- SHA1
  
  75557a1892a576cce122308879eb8c11cb91881a
- SHA256
  
  4a07e72720feddb54300bf7dc3d3d793870a7d6f960409132f302f3fbe54e995
- SHA512
  
  a16e6b50de39ad9111e1fa86c4fee8a0ff53951d63e5492be186cc2c8111f308fc6f4d9fb17d74eb6ba9c9209c39ffb77994c699a8b90cd0aa9a09031bc07a2b
- SSDEEP
  
  1536:3Tdm9B9lYypfMXvugHQ0D0VdQiNuQgmYRN5L9A5AuLwpPA5OZPAGTU:34lLpkXGED3iNuQxqZ9AEpPAcPAeU
Score

7^/10

discovery
- Executes dropped EXE
- Loads dropped DLL
behavioral13 behavioral14
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  a4dd044bcd94e9b3370ccf095b31f896
- SHA1
  
  17c78201323ab2095bc53184aa8267c9187d5173
- SHA256
  
  2e226715419a5882e2e14278940ee8ef0aa648a3ef7af5b3dc252674111962bc
- SHA512
  
  87335a43b9ca13e1300c7c23e702e87c669e2bcf4f6065f0c684fc53165e9c1f091cc4d79a3eca3910f0518d3b647120ac0be1a68eaade2e75eaa64adfc92c5a
- SSDEEP
  
  192:em24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35OlESl:m8QIl975eXqlWBrz7YLOlE
Score

3^/10

discovery
behavioral15 behavioral16

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

JavaScript

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockydefense_evasiondiscoveryransomware

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16