Overview

overview

10

Static

static

3

f2c9ae3735...50.exe

windows7-x64

10

f2c9ae3735...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150

  • Size

    135KB

  • Sample

    241018-wrfz2ssfrp

  • MD5

    511aa2f2fe6196e032ec7fef83bb8d95

  • SHA1

    ce874f517d335a1e1ab0df99111df1d3adbc0d21

  • SHA256

    f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150

  • SHA512

    78a4771ab5e531420a45338ae27a5a4dad11b50385964a739e7ecec2c55d3ee47cde148dfc1e82ce7e8b8eb8a04a7f9b784cdd640e490a84bc8ce621d2f8d1c0

  • SSDEEP

    3072:VV2vxw88jLtbMmJ2RqRADLK1iJ1/NvdOgecZlw/C:VV2v503kRqRuL0iJ1FdLec9

Score
10/10
lockydefense_evasiondiscoveryransomware

Malware Config

Targets

    • Target

      f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150

    • Size

      135KB

    • MD5

      511aa2f2fe6196e032ec7fef83bb8d95

    • SHA1

      ce874f517d335a1e1ab0df99111df1d3adbc0d21

    • SHA256

      f2c9ae3735430b930a81148c0bb470fcb733e456a2a942f859a1b59c4a7b2150

    • SHA512

      78a4771ab5e531420a45338ae27a5a4dad11b50385964a739e7ecec2c55d3ee47cde148dfc1e82ce7e8b8eb8a04a7f9b784cdd640e490a84bc8ce621d2f8d1c0

    • SSDEEP

      3072:VV2vxw88jLtbMmJ2RqRADLK1iJ1/NvdOgecZlw/C:VV2v503kRqRuL0iJ1FdLec9

    Score
    10/10
    lockydefense_evasiondiscoveryransomware

    • Locky

      Ransomware strain released in 2016, with advanced features like anti-analysis.

      ransomwarelocky

    • Deletes itself

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks