Overview

overview

10

Static

static

1

LockerGoga.exe

windows7-x64

10

LockerGoga.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5310cd8477893728463d4081547840b909f466bc55037a03adb66f21d4676d51.zip

  • Size

    549KB

  • Sample

    250326-a249qsvwgx

  • MD5

    e6258130f65f6fb25c06fdb9a9262b14

  • SHA1

    883d3ce66a239dbb5c6241a968893e5ddac5c8c0

  • SHA256

    5310cd8477893728463d4081547840b909f466bc55037a03adb66f21d4676d51

  • SHA512

    74a2166073cfbbc09b0e630e7692922ce0effd00947c28f68291794e6cd05786d889293772eb97ff58f8a9d055c88c8c979c71889d323a66feda10cd40396040

  • SSDEEP

    12288:+DFOXoq676JYLXIe0MJEe+RQiyiHkELPfDuM0K76S:CPq61LXIVMJPEryiHk0XD/uS

Score
10/10
lockergogabankerdiscoverypersistenceransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Public\Desktop\README_LOCKED.txt

Ransom Note
Greetings! There was a significant flaw in the security system of your company. You should be thankful that the flaw was exploited by serious people and not some rookies. They would have damaged all of your data by mistake or for fun. Your files are encrypted with the strongest military algorithms RSA4096 and AES-256. Without our special decoder it is impossible to restore the data. Attempts to restore your data with third party software as Photorec, RannohDecryptor etc. will lead to irreversible destruction of your data. To confirm our honest intentions. Send us 2-3 different random files and you will get them decrypted. It can be from different computers on your network to be sure that our decoder decrypts everything. Sample files we unlock for free (files should not be related to any kind of backups). We exclusively have decryption software for your situation DO NOT RESET OR SHUTDOWN - files may be damaged. DO NOT RENAME the encrypted files. DO NOT MOVE the encrypted files. This may lead to the impossibility of recovery of the certain files. The payment has to be made in Bitcoins. The final price depends on how fast you contact us. As soon as we receive the payment you will get the decryption tool and instructions on how to improve your systems security To get information on the price of the decoder contact us at: [email protected] [email protected]

Targets

    • Target

      LockerGoga.bin

    • Size

      1.2MB

    • MD5

      e11502659f6b5c5bd9f78f534bc38fea

    • SHA1

      b5fd5c913de8cbb8565d3c7c67c0fbaa4090122b

    • SHA256

      c97d9bbc80b573bdeeda3812f4d00e5183493dd0d5805e2508728f65977dda15

    • SHA512

      86c8d4556c9e0b7d60ccbfee430eb322388449506ab515549cb8d2785582671f2dc2d2a3bd9daded9853caa8bf94d9f92603a3bc527172a85dc7a83d701f7fd0

    • SSDEEP

      24576:645Rt4El7fc/TFJzjJUgrrCq5sNIwQsUGy1q7a9DlIACTp+kqGslRG:Rjt4El7fc/TFJWstwQsPdSDuACTpqhG

    Score
    10/10
    discoveryransomwarespywarestealerlockergogabankerpersistencetrojan

    • LockerGoga

      LockerGoga is a ransomware that is primarily used in targeted, disruptive attacks.

      trojanbankerlockergoga

    • Lockergoga family

      lockergoga

    • Renames multiple (4131) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Boot or Logon Autostart Execution: Active Setup

      Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks