Overview

overview

10

Static

static

3

ceec01f132...18.exe

windows7-x64

10

ceec01f132...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118

  • Size

    615KB

  • Sample

    240906-hk2raasdjd

  • MD5

    ceec01f1321c4abd3a319adba71b8ce1

  • SHA1

    3f775d67433a13693ac53bfd0e5bcff0e078c15c

  • SHA256

    826b02f896032d0abb0afb2f4a5228f8dc148518f29007929cc8b5368dc1dec2

  • SHA512

    ccff9e87a9cfe4a4016ae1320b280c2df6f119cac8d71a3c0f4f6b1e3dd4af5a8a693363c2d91bf0107b689eb5b2ce2d8a96cb91bcf32aa49b14ea2ad029f526

  • SSDEEP

    12288:pBRpTNxQn+eBn7ZAaOEnd7InQ0/MrUqaf9t4QUjXhSdOJbbB:pVTNxQ+eBn7lB7U/Myt4pRxlb

Score
10/10
locky_lukitusdefense_evasiondiscoveryransomware

Malware Config

Targets

    • Target

      ceec01f1321c4abd3a319adba71b8ce1_JaffaCakes118

    • Size

      615KB

    • MD5

      ceec01f1321c4abd3a319adba71b8ce1

    • SHA1

      3f775d67433a13693ac53bfd0e5bcff0e078c15c

    • SHA256

      826b02f896032d0abb0afb2f4a5228f8dc148518f29007929cc8b5368dc1dec2

    • SHA512

      ccff9e87a9cfe4a4016ae1320b280c2df6f119cac8d71a3c0f4f6b1e3dd4af5a8a693363c2d91bf0107b689eb5b2ce2d8a96cb91bcf32aa49b14ea2ad029f526

    • SSDEEP

      12288:pBRpTNxQn+eBn7ZAaOEnd7InQ0/MrUqaf9t4QUjXhSdOJbbB:pVTNxQ+eBn7lB7U/Myt4pRxlb

    Score
    10/10
    locky_lukitusdefense_evasiondiscoveryransomware

    • Locky (Lukitus variant)

      Variant of the Locky ransomware seen in the wild since late 2017.

      ransomwarelocky_lukitus

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks