locky | c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287e | Triage

Submit
Reports

Overview

overview

Static

static

3

c0f47f5a59...eN.exe

windows7-x64

c0f47f5a59...eN.exe

windows10-2004-x64

Sharing

General

Target

c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287eN.exe
Size

4.0MB
Sample

250208-h8w6pstpgl
MD5

7e0e9d61b4719a57f69301984f2e29e0
SHA1

ad08f2cc627d9d1bddea42b99003a3ffcb20a1f7
SHA256

c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287e
SHA512

b7e6a8013fc863107f2b7b3be0fef863a435dc492e4ee3afa4820e1ffc262b947bed009f0ed3567c9eb06b213948a1211117db44142101f3a9d46152006c93a7
SSDEEP

98304:J8NPKZC3KHXThoNyx8bOpgSrU4d5SOAy1pHbMuJ:JoPKZC3KHXThoNyx8bOpgSTfX1dFJ

Score

10^/10

locky locky_osiris defense_evasion discovery ransomware

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287eN.exe

Resource

win7-20240903-en

locky locky_osiris defense_evasion discovery ransomware

windows7-x64

14 signatures

120 seconds

Behavioral task

behavioral2

Sample

c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287eN.exe

Resource

win10v2004-20250207-en

locky locky_osiris defense_evasion discovery ransomware

windows10-2004-x64

18 signatures

120 seconds

Malware Config

Targets

- Target
  
  c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287eN.exe
- Size
  
  4.0MB
- MD5
  
  7e0e9d61b4719a57f69301984f2e29e0
- SHA1
  
  ad08f2cc627d9d1bddea42b99003a3ffcb20a1f7
- SHA256
  
  c0f47f5a597be7135d9d2fc23cf2563a3b7117f8272bc794cc745266394e287e
- SHA512
  
  b7e6a8013fc863107f2b7b3be0fef863a435dc492e4ee3afa4820e1ffc262b947bed009f0ed3567c9eb06b213948a1211117db44142101f3a9d46152006c93a7
- SSDEEP
  
  98304:J8NPKZC3KHXThoNyx8bOpgSrU4d5SOAy1pHbMuJ:JoPKZC3KHXThoNyx8bOpgSTfX1dFJ
Score

10^/10

locky locky_osiris defense_evasion discovery ransomware
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky (Osiris variant)
  Variant of the Locky ransomware seen in the wild since early 2017.
  ransomware locky_osiris
- Locky family
  locky
- Locky_osiris family
  locky_osiris
- Downloads MZ/PE file
- Deletes itself
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

lockylocky_osirisdefense_evasiondiscoveryransomware

behavioral2

lockylocky_osirisdefense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy