locky_lukitus | aab0204705447fbf2ab759e57a9baebba3c36ea59799b5a774c9265032f502c5 | Triage

Submit
Reports

Overview

overview

Static

static

3

ef18fa4495...18.exe

windows7-x64

ef18fa4495...18.exe

windows10-2004-x64

Sharing

General

Target

ef18fa4495106a68af61c1d0d648ba82_JaffaCakes118
Size

659KB
Sample

240921-fg5yeswbmb
MD5

ef18fa4495106a68af61c1d0d648ba82
SHA1

4b693c53b6894266e5e016253bda958ae7c612a8
SHA256

aab0204705447fbf2ab759e57a9baebba3c36ea59799b5a774c9265032f502c5
SHA512

bf368e77cf8fdb67fb6221e6020149747bfb85f70691954029cd2e42a5b42f98d344cce682ea4796cff14e0b03fd15ce1390b88d8425a279bc2411de15971447
SSDEEP

12288:KVi5h23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56r:KVia3p0RzYa+E

Score

10^/10

locky_lukitus defense_evasion discovery execution impact ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

ef18fa4495106a68af61c1d0d648ba82_JaffaCakes118.exe

Resource

win7-20240903-en

locky_lukitus defense_evasion discovery execution impact ransomware

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

ef18fa4495106a68af61c1d0d648ba82_JaffaCakes118.exe

Resource

win10v2004-20240802-en

locky_lukitus defense_evasion discovery execution impact ransomware

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  ef18fa4495106a68af61c1d0d648ba82_JaffaCakes118
- Size
  
  659KB
- MD5
  
  ef18fa4495106a68af61c1d0d648ba82
- SHA1
  
  4b693c53b6894266e5e016253bda958ae7c612a8
- SHA256
  
  aab0204705447fbf2ab759e57a9baebba3c36ea59799b5a774c9265032f502c5
- SHA512
  
  bf368e77cf8fdb67fb6221e6020149747bfb85f70691954029cd2e42a5b42f98d344cce682ea4796cff14e0b03fd15ce1390b88d8425a279bc2411de15971447
- SSDEEP
  
  12288:KVi5h23Ks1mQnWattmsbMVSH05SxQiEQ9jmE56r:KVia3p0RzYa+E
Score

10^/10

locky_lukitus defense_evasion discovery execution impact ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

Persistence

Privilege Escalation

Defense Evasion

Direct Volume Access

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Inhibit System Recovery

Tasks

static1

behavioral1

locky_lukitusdefense_evasiondiscoveryexecutionimpactransomware

behavioral2

locky_lukitusdefense_evasiondiscoveryexecutionimpactransomware

© 2018-2024

Terms | Privacy