locky_lukitus | ae2cf1bbd5d9c324dafa15fd781d5cf8913c615a669e135b73500cdada18f215 | Triage

Submit
Reports

Overview

overview

Static

static

3

fdbcc27417...18.exe

windows7-x64

fdbcc27417...18.exe

windows10-2004-x64

Sharing

General

Target

fdbcc27417a705f78f340db3101bd95d_JaffaCakes118
Size

615KB
Sample

240929-eb4bzayepn
MD5

fdbcc27417a705f78f340db3101bd95d
SHA1

ee0fad42e180ceecd0362874ea3b9ddca6c4a064
SHA256

ae2cf1bbd5d9c324dafa15fd781d5cf8913c615a669e135b73500cdada18f215
SHA512

60fe58fc206ec59f2a9c7d30d7e3f5d70f8a3b24c6877a1045a9fdc227a63ecef7d8f973f013852a7c3ee7b74db3a1bd2d4a55bb26aa159b8eb64e166de01bd5
SSDEEP

12288:hBRpTBaRPu8d9JHxA5mOI0wsgs9sf+lJ+j4b2c2MZ:hVTO9dxAw6/gsc+lJ+SZ

Score

10^/10

locky_lukitus defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe

Resource

win7-20240903-en

locky_lukitus defense_evasion discovery ransomware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

fdbcc27417a705f78f340db3101bd95d_JaffaCakes118.exe

Resource

win10v2004-20240802-en

locky_lukitus defense_evasion discovery ransomware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  fdbcc27417a705f78f340db3101bd95d_JaffaCakes118
- Size
  
  615KB
- MD5
  
  fdbcc27417a705f78f340db3101bd95d
- SHA1
  
  ee0fad42e180ceecd0362874ea3b9ddca6c4a064
- SHA256
  
  ae2cf1bbd5d9c324dafa15fd781d5cf8913c615a669e135b73500cdada18f215
- SHA512
  
  60fe58fc206ec59f2a9c7d30d7e3f5d70f8a3b24c6877a1045a9fdc227a63ecef7d8f973f013852a7c3ee7b74db3a1bd2d4a55bb26aa159b8eb64e166de01bd5
- SSDEEP
  
  12288:hBRpTBaRPu8d9JHxA5mOI0wsgs9sf+lJ+j4b2c2MZ:hVTO9dxAw6/gsc+lJ+SZ
Score

10^/10

locky_lukitus defense_evasion discovery ransomware
- Locky (Lukitus variant)
  Variant of the Locky ransomware seen in the wild since late 2017.
  ransomware locky_lukitus
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

locky_lukitusdefense_evasiondiscoveryransomware

behavioral2

locky_lukitusdefense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy