Overview

overview

10

Static

static

3

c8be3a7e91...18.exe

windows7-x64

10

c8be3a7e91...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8be3a7e91cfa426531935853823e4ba_JaffaCakes118

  • Size

    590KB

  • Sample

    240829-nqt7aa1fjm

  • MD5

    c8be3a7e91cfa426531935853823e4ba

  • SHA1

    137c5469f469d721a4fbba9ba87d6e2e9f0005e6

  • SHA256

    e454cd6f7220ae25083c5e183e04fde1c26b1b6d9119e2aca4fc8b0125cd0be7

  • SHA512

    18de5016689e72c6d99720d1cc1f4a831ed07f8447a7fdd4e0dc9d0aacce5882c02dd417588a715dca86a8becd2e9024ec0f9336eaa0b5b6eadf09d75f952db2

  • SSDEEP

    12288:VmXxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9:uN5+f7t3cEFVq5Y0wu7zo

Score
10/10
locky_lukitusdefense_evasiondiscoveryransomware

Malware Config

Targets

    • Target

      c8be3a7e91cfa426531935853823e4ba_JaffaCakes118

    • Size

      590KB

    • MD5

      c8be3a7e91cfa426531935853823e4ba

    • SHA1

      137c5469f469d721a4fbba9ba87d6e2e9f0005e6

    • SHA256

      e454cd6f7220ae25083c5e183e04fde1c26b1b6d9119e2aca4fc8b0125cd0be7

    • SHA512

      18de5016689e72c6d99720d1cc1f4a831ed07f8447a7fdd4e0dc9d0aacce5882c02dd417588a715dca86a8becd2e9024ec0f9336eaa0b5b6eadf09d75f952db2

    • SSDEEP

      12288:VmXxN5Hef7wWHX+IuNEFVqhJuWYI17c8Z7zo1N9:uN5+f7t3cEFVq5Y0wu7zo

    Score
    10/10
    locky_lukitusdefense_evasiondiscoveryransomware

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

      ransomwarelocky_lukitus

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks