locky

General

Target

066dc9a1134b1db77c1574a52002f53b28cc29d0a3769bd5156d1e0e0a51a91a.exe
Size

871KB
Sample

250108-cjgrtsyrgv
MD5

2d2c7ee748d941798466b19b53da88bb
SHA1

7c0cf86f123f2896795add3ecc7bafc30fdc87bc
SHA256

066dc9a1134b1db77c1574a52002f53b28cc29d0a3769bd5156d1e0e0a51a91a
SHA512

9f5a9b6ce25222219f6ef07ac85e5fdf834215dcac81006629b21667aeb4ef9a809e336a66ead9fdcde0af8f51fa7d459b4875bf4023d6cee1eb189eba341912
SSDEEP

12288:CfT9qqQfsr85q5+OeO+OeNhBBhhBB2Lq/5/1G9ba6qCX0GuE3mczIedIHEXNuQ8k:CfT9q1fsr85hJCX0GuWIEXAihyh3LEk

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' folder if you don't get answer within 6 hours. Contact us email: [email protected] [email protected] ID :B18EC211F1823C8D67FE47D556007E55F321520938F9B280FBB3E35B7E01F067DA233DC8E39E72DDC63008B5943D287822CA1CB2BE7918597FC4491306D2D4AED682B5D949D6609A0D66BB61819DDC0F38EBC3FC7D848BF4B50059433783150927DFA42C6B759C8400E7A8FE545A46B3CE06791B6E3ED93B2E73E72F9279C3A636735228B262119FEBF535AA958FB6739B66DB4D42D6482681D774DD2AD9C1A258A9ED6D2E9479B0C3EA05F30BD288B3F12352706759811342D17DEFB1685BC4272C14DE80BA59870636FF807C7CDE26C3793072EC33F2C676F180D9A904FF41084C5E2A02D7F2B1121BB672553C5559F88E05859BDD3E1BA598FBEEC0FFDA4692356C4C4FC31748C9C55A09083C9061C7E53F320B999D93DB02087FE0D2E4BCA9CAECC32632F8BD85401752BFF2DBCED6C4265A9575FB28CBF8979364DB91AF2B8CEAD24E8DF8A52A92FB8D48AA5165980AD85E0B8DEC0BC6DAAA095DB641E8D102121DABAB9F1F0327062A18289F130EF67AC400F9979047D29DF4C75C3030CB2481F44E06DE098CE23E767FF7DC278073F3E8CC0CE63621B6E4F667F9140D423765642EB3B98C0FDE5E9736B03EF8EF5597B34AAB87C13A673167D26209B8C6B364B7C6373FA7228A23C36EC090D88418D963E3600F3394BDB5E007B514727DF60A48558967AEBE38C00129B35502AEA0FADEDB193AF7222F3B44002426A41DFCB18B957B77A9CB726DC30344044E1B3BD5DBA40ED0D04D387133ED416BD6E0AB09E7373DFE89D904A727B3C52E17CABFBCAD4BA589B29ED7DEDE0FDC3A4DE804BEB7E1549D8A111CC3C2DC300236CEE3837D249229EC882CFCAA9005C7102F68D2320E126ACAEE8AAB54821E67007206E07745A3377EBCCAA20235E9C6175DE6FBC850FE435315EE48A22969C8B7FEFEAEDD9A3B1F32C6CDD7441E59D075BB2F781841BA189B0F3C665E7D893A72EAB63B011550486386D6F31AE49BC716DD3B10721B7CACBCBEED6A87E12F1612466C772800D58270162A9CDF2374E006BA24BB43D212AA7229F5837DF53843DBD98F32CEAF0291515F446C038FB32C0D7D4818D11F1E5ED4FDF91582612A0F77B5E2A123A956A58C1D4EC2E7AE199100D44A528F9AEEFD4C2D8456998C322F92B849FE93DAFCBBDB2F89E036CD43FEA5D38598E07880D788523507DD9A664FC05AFEE55C7982F492722D62B7198660F729A0455C325AFDDFA98FCED189546AA3CA3B882149E16313B6F63DFEA2C3C1A70CB342A38C0421A69F2D832D9FE31FBFEDA1FC1194A76167F56A0F975C30103E9A850252C2567A57E3AD620FD63F52578EF6AD4DF5BC0E4047BCBB2ED6D912E64791975DB8A8E1BF87948BC9D79A5F02389135C0E1D86127A103AE4E93FD623D5AE2FF789A24EE58031A65FBE9B407C559444C8DA56AF7FA0FA4ABA73C8C800DC4255F8A75BBEA0E2C03413C02D82CC81BF4CC815DB197DA81EE223F444DCE1066CEAC37D37ACB9CBFD0E6BB3276476FC451E5250E70C8E76256837D3B46DA4D2D9F6E7D1CB2750376D446D14F485D73A60A166DE2752A14FA94182D2F451582B5895EAA2767B3E2F5E4D892348BFAFA823BFFEA63B869397B69CBF8419FADE90005AC3675DF0AB37F0C9656EFD227A14883775B9F48C53D7D68AA054FBB577612AF76D193537B27F1E22E1EC6B38980CD46201D63309D4BB7D2BF7FA7E71590C1886B82B1DA2039C6DAB87335F8FB74B736BB8F937BFA50839FC9BCA398682AE86B3F391BC9FC9C5D355818F11E4E38F56D8D85789BD15A9361C9859056697D84130341B1B9DD430AFAE2D34A9729B13E1E90E4D98945F86CEF1B0A964543A26B008C3BD03EC6F7AFB763EDB15CB9A2208B12041E48749F93EAD742FF4DBC3DB1D7B8522E607817AB68644EA1209C3D7DB9AB595CEF434F64BD703D64686BBCB217A846F5A2495AEC54D4DDD8417C318369124E22A1EA16950F5C49DA0F9313F7955933668B1952CE0D6B68C0D8D51A8D843E23965D811D09E7D525D2879F8227D1E54A08F029C0BCAED9499DB416212FB8DE11702B9534E0B555C23321BB3DE74E43EF92AD5D8A8C90FEFA95E1392E8022CA8BF151EA5AA42067EDC3DDFAF542557C31629E8C44B67B56EABA680D78CF9709C979655993F9875C2BB251A48F264C424F27849052E84AFD236C80AE7BDA03AE28C52DAC95721012DE5F91F22C34E7CF4CE8F5176412ACC75B38C2A4EBEE98A45C204CC7500B9EDD42C4700DE404C7426BD7EF4DDB0D51A641A8EF4F17058401FFC7C4A877598186826AE6E36770A8ADA7193AC26EF7D7299FAE59DE3E73D2134B168F8B9DF46F58143266D43394ABFB1F25AA434CB2E087

Emails

[email protected]

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\Decryptfiles.txt

Ransom Note

ATTENTION! Don't worry, you can return your files! All your files like photos, videos and other important documents are encrypted with a strong encryption algorithm and unique key. The only method of recovering files is to purchase a decrypt tool and your key. Do not try to recover your files without a decrypt tool, you may damage them making them impossible to recover we advise you contact us in less than 72 hours, otherwise there is a possibility that your files will never be returned. We will not wait for your letter for a long time, mail can be abused, we are moving on, hurry up with the decision. Check your email 'Spam' or 'Junk' folder if you don't get answer within 6 hours. Contact us email: [email protected] [email protected] ID :F01B5816E73D11D7269751AECAE52224F13B0D8D83770A473DA393D980E679238D092AC1FDEA036A2385C60B905AA13F6C6FF34EE3E7BC71286FD739AE4C079EA2054E34453336B4AB4AEB81799B0D67ED84162442B456710FD6B2BD985F1DF62FAC4DDBCDBB05F93FEBA7A78A2C52E9CE6FBDE0B05869F8E4A2FAD6980AF4DD4BB24D973CC16E0FCE5725722B30D6878D579EF51593E3D22E527F1AD80D84BDD33B690C606C4C194F64D25D75C5C62ED1F5EB4DEF97E39582BF1CB483EE822882EDFDEE49CDEB9A32ECD5BBCDBE71453ED804E54FF026601854AAB0D9BF0689AE016E9CBF5202CBC85FB6EAB413EAE0E4EB3896A2489D31EB68416E40BA069FEC9CA293E6B278CDB771459090B0776D323F3BC018523AD2BE278D3D27B6DA8C4DFDE322146CEA0BC8F4A2549724E22E2EACBFECD1562EE2724FE09E920E29B3FBC82CB047578485A2A4DE8D10E910AEE060421D0B4892A2285C01DFB66CA6465B30844DA82A212DD5AF4EC7D33737CBBA319DCF43372B86E145D1D13C4C7400E6C1089505E58C4E5B365AA394C7001A0DB9A4F7B62E2A6AAD12CB046636972B053413133E933703862C8CC5CF937F136F6F0419682C3D93E1081D0D94D4D1907B1E310F625EB2614A138FC827A6DEF2CC016F40DA239D4A1BCF70BE0CC11858BFA3BCB2A853EDEC8C02C1139F0610B24DD72FF9EBAAC823E3318A3A8B51E9F25660205BE522FA3EC99BCEDC873857A4B28AE1A1392888970E449669AB8E82C2EE754083EFF18681F6CAF90F35B5A2E71B1BD971C491EA56BAB0B880B1A6E3651EF02194DA7F8442F148CCF2566436B7F29412499594E2C73B34578A1D3F455166F66CF6E2EE81BAA9EF850E36CA7BEC850B3A64C01352D1DBC1CC295CF304FFCE48DC07D5B7B3261C8B7DEC8CBB80F2D068ACAC283DBE0A89356432B35EF44BBBCE95D74F33F2829EA1B9D3EFC12C594B9BC4D3366528FEF99E6E12CC2CBD4FB06C1AFCDC104DEEC672FFB4C2D34D49335471C1AD1536D59C2D3E5F3A32ACA315FF1C0047555173B38E7862F3EEA62141C825CC6D3DE53114E17EFAD1FE98CD03867676FDFAC210AEC2316EF5DCD9D3DB3BFA4B5DF7ACB803F8823BDC2142E50E641FB05EE362D80244AD52815CE2BAD65E91F1DD8D84AECBCE17501D4E2E994258D7DAE1DDA4E7E719EF4AC4196C240B11CCC510D85D587E8986282A6ECE9127FCA5C1C4896929F9FC3F0DFB58DDE9C46EF4B6E58D071DB12BEE620162CD0CD6EB14B31FB2CA54F451AF249BAF4CB5AE7A8822893BFB1579CB61F8A20BBD2857A32CD533863479C34F79BF7315CD6D52970C0CF6D9E433D33C2C57F87E0B324DD6E0E9DEB2FF58D2A8CD400E7153740BBA00FCB1632015E6BEE7404A2E3DB3E7C794D47361D743F5C54750850FD8C11F3C376C23004E3668646A5A6CAA6CD89A5C779643AD3A9E6D2CBE5619D5B2BCDE4779D62256BB76C8282D874366722E558857CF8556C9DEE29198564C1C2A9C86D92CEA7AF70340B922DE3E810286E67C70AFD673062F70C1F5FF0781341546CC588449DF7AC4B2BE03DFF611E3FA18618B82963C743C2C073CAF3ABA2F49FF758AAA3EB86A57D01798C17E0E292E081A53F174502FA625E0EBF2D676EF4B226F4EEC4CFA56453E80C29585951797D72A470EDDA61BCFEDD96987A03AC66AE51E18AF0D23988F132E8E05D07A49CF901E75C87122A56A392A5760E5A9DCC16D25E34DEEAD6C5F3DEB13C08CE41F83F64E67493EC1F6CA8EA0DCD595D2FD791C26787AB57024357DA1F22C423D1FA221D8DD2921451DD996100C64A406AEBB77E532EE63FA7B885A317DC0167FDAE43D673E5729B1DEE8495B1D24090EFC14EB03FFCE5F12CE1471462FB1536F9165EDA49682B7D5489AA36C034803B8078A7E481A84163570338B0C56C95263550BDD433DC10C377247A1B1EE342F8C00D6A5D3504117A92E0CEA3A67B0A768CE8CD5C188E63079AE84987852C7D3FB6DE50466DBB91C55E9BAB82625B7515D86A874B093003679BA6B5BA4D8ED78DC2F76EE01EC35276BEE8604373F623154C890AEC4D91389D89CB3C1D9DD328725B0CF3C2C570DF0C20CCBF7A9D29C60FB413CE3B9759065D42A94C8489C0416712E53C9D9F7BE3C9F5CAC825EE84118FFDB79F94ED5704CD87B0E731D072985D2CDEC8CD29DA7E99347CE860D02E79E56574D8D02E061BFA1926607FCF5A737B528A455CDA82FA74E5CB2E37C1C2E092086CE46BA84DC70E098B07D63923E007B8D9346CDF0EC47351C8514BAAD4CA4553D7B2B5BD807FF6B284C5743041B2A321E6066DAFD1349E7F317AE6BE2D5AC64519AF0FE6096E504ECF7A3E56D20

Emails

[email protected]

Targets

- Target
  
  066dc9a1134b1db77c1574a52002f53b28cc29d0a3769bd5156d1e0e0a51a91a.exe
- Size
  
  871KB
- MD5
  
  2d2c7ee748d941798466b19b53da88bb
- SHA1
  
  7c0cf86f123f2896795add3ecc7bafc30fdc87bc
- SHA256
  
  066dc9a1134b1db77c1574a52002f53b28cc29d0a3769bd5156d1e0e0a51a91a
- SHA512
  
  9f5a9b6ce25222219f6ef07ac85e5fdf834215dcac81006629b21667aeb4ef9a809e336a66ead9fdcde0af8f51fa7d459b4875bf4023d6cee1eb189eba341912
- SSDEEP
  
  12288:CfT9qqQfsr85q5+OeO+OeNhBBhhBB2Lq/5/1G9ba6qCX0GuE3mczIedIHEXNuQ8k:CfT9q1fsr85hJCX0GuWIEXAihyh3LEk
Score

10^/10

locky credential_access defense_evasion discovery execution impact persistence ransomware spyware stealer
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky family
  locky
- Deletes shadow copies
  Ransomware often targets backup files to inhibit system recovery.
  ransomware defense_evasion impact execution
- Credentials from Password Stores: Windows Credential Manager
  Suspicious access to Credentials History.
  credential_access stealer
- Deletes itself
- Drops startup file
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Drops desktop.ini file(s)
behavioral1 behavioral2