locky_lukitus | 50901a5f8f9ad8ce1efd17e41ce344fb3540da11bc79e23504c24d1d838eb805 | Triage

Submit
Reports

Overview

overview

Static

static

3

d40da1f72e...18.exe

windows7-x64

d40da1f72e...18.exe

windows10-2004-x64

Sharing

General

Target

d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118
Size

615KB
Sample

240908-lkz48syclr
MD5

d40da1f72e74cc5c70d4acfdb1bfcf8e
SHA1

3e756a055a3996c2f40f9deefc5f0cfcd0e7cbbe
SHA256

50901a5f8f9ad8ce1efd17e41ce344fb3540da11bc79e23504c24d1d838eb805
SHA512

7b5ed68b64f4c331fb2cf2bf6710ffeebaf97a09b6b6828748b06cd2abf17305167a01b7a5b4af28773784b43486be7bbbd15a9a6ee5898a95a8e58dc71a2e03
SSDEEP

12288:ZBRpTbJ2KNoKM8cn+/wpSkFBd08g2SAVl4P:ZVTblNtMNsk/Syl

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe

Resource

win7-20240903-en

locky_lukitus defense_evasion discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118.exe

Resource

win10v2004-20240802-en

locky_lukitus defense_evasion discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  d40da1f72e74cc5c70d4acfdb1bfcf8e_JaffaCakes118
- Size
  
  615KB
- MD5
  
  d40da1f72e74cc5c70d4acfdb1bfcf8e
- SHA1
  
  3e756a055a3996c2f40f9deefc5f0cfcd0e7cbbe
- SHA256
  
  50901a5f8f9ad8ce1efd17e41ce344fb3540da11bc79e23504c24d1d838eb805
- SHA512
  
  7b5ed68b64f4c331fb2cf2bf6710ffeebaf97a09b6b6828748b06cd2abf17305167a01b7a5b4af28773784b43486be7bbbd15a9a6ee5898a95a8e58dc71a2e03
- SSDEEP
  
  12288:ZBRpTbJ2KNoKM8cn+/wpSkFBd08g2SAVl4P:ZVTblNtMNsk/Syl
Score

10^/10

locky_lukitus defense_evasion discovery ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

locky_lukitusdefense_evasiondiscoveryransomware

behavioral2

locky_lukitusdefense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy