locky | hxxps://github[.]com/kh4sh3i/Ransomware-Samples | Triage

Resubmissions

08/03/2025, 17:11

250308-vqjtwazwcz 10

02/02/2025, 15:47

250202-s8dpgazqbp 10

02/02/2025, 15:44

250202-s6mvcszpel 6

Sharing

General

Target

https://github.com/kh4sh3i/Ransomware-Samples
Sample

250308-vqjtwazwcz

Score

10^/10

locky defense_evasion discovery execution ransomware

Malware Config

Targets

- Target
  
  https://github.com/kh4sh3i/Ransomware-Samples
Score

10^/10

locky defense_evasion discovery execution ransomware
- Disables service(s)
  defense_evasion execution
- Locky
  Ransomware strain released in 2016, with advanced features like anti-analysis.
  ransomware locky
- Locky family
  locky
- Drops startup file
- Executes dropped EXE
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Legitimate hosting services abused for malware hosting/C2
- Network Service Discovery
  Attempt to gather information on host's network.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

System Services

Service Execution

Persistence

Create or Modify System Process

Windows Service

Privilege Escalation

Create or Modify System Process

Windows Service

Defense Evasion

Indicator Removal

File Deletion

Credential Access

Discovery

Browser Information Discovery

Network Service Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

urlscan1

behavioral1

lockydefense_evasiondiscoveryexecutionransomware