locky_lukitus | 3b165affc00609b754497f45e6ec40288a8ad50cd4c58ec30f806a0354824fb0 | Triage

Submit
Reports

Overview

overview

Static

static

3

e9ee6a2d73...18.exe

windows7-x64

e9ee6a2d73...18.exe

windows10-2004-x64

Sharing

General

Target

e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118
Size

615KB
Sample

240918-zfdmbssgpk
MD5

e9ee6a2d73bb09393df9f62940a318d3
SHA1

2a31c821a51e90eddbb2f3d2d65259486bb2055f
SHA256

3b165affc00609b754497f45e6ec40288a8ad50cd4c58ec30f806a0354824fb0
SHA512

c2d94b631e6cfed6f482f72f6178568d8128c5e5088eb03e7381f79ce28680a4688d192143c2447afe53d7cfb12a0d11eff5ce595d9ad045cdc14a9f588179dd
SSDEEP

12288:fBRpTaQix0qCZhbxO5MfcdGms4jORsTXFhygaoRAIjMo/8H4fR:fVTaHxC1U5Td9jYshhn5RvwQ8Y5

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe

Resource

win7-20240903-en

locky_lukitus defense_evasion discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118.exe

Resource

win10v2004-20240802-en

locky_lukitus defense_evasion discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  e9ee6a2d73bb09393df9f62940a318d3_JaffaCakes118
- Size
  
  615KB
- MD5
  
  e9ee6a2d73bb09393df9f62940a318d3
- SHA1
  
  2a31c821a51e90eddbb2f3d2d65259486bb2055f
- SHA256
  
  3b165affc00609b754497f45e6ec40288a8ad50cd4c58ec30f806a0354824fb0
- SHA512
  
  c2d94b631e6cfed6f482f72f6178568d8128c5e5088eb03e7381f79ce28680a4688d192143c2447afe53d7cfb12a0d11eff5ce595d9ad045cdc14a9f588179dd
- SSDEEP
  
  12288:fBRpTaQix0qCZhbxO5MfcdGms4jORsTXFhygaoRAIjMo/8H4fR:fVTaHxC1U5Td9jYshhn5RvwQ8Y5
Score

10^/10

locky_lukitus defense_evasion discovery ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

locky_lukitusdefense_evasiondiscoveryransomware

behavioral2

locky_lukitusdefense_evasiondiscoveryransomware

© 2018-2024

Terms | Privacy