Analysis of Latest Cobra Locker ransomware sample
With the help of VMRay Analyzer, we found the following threat indicators for this sample:
Modifies content of user files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.
Deletes user files
Deletes multiple user files. This is an indicator of ransomware or wiper malware.
Hide Tracks (Delete the file after execution)
Deletes executed executable "c:\users\fd1hvy\desktop\it.exe".
After execution, the sample starts encrypting the files on the machine and appends the extension '.IT' to them.
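One way to correlate the indicators above into a single host-side detection check, as an added example that is not part of the original post or VMRay's output. The event tuple format, PIDs, document names, the editor path and the threshold are constructed assumptions; only the it.exe path and the '.IT' extension come from the report.

```python
from collections import defaultdict
from ntpath import normcase  # Windows path rules, usable on any OS

USER_ROOT = "c:\\users\\"
SAMPLE = r"c:\users\fd1hvy\desktop\it.exe"  # executable path named in the report

def constructed_events():
    """Constructed telemetry (pid, image, op, path); not VMRay output."""
    docs = r"c:\users\fd1hvy\documents" + "\\"
    events = []
    for name in ("a.docx", "b.xlsx", "c.jpg", "d.pdf"):
        events += [(412, SAMPLE, "write", docs + name),
                   (412, SAMPLE, "create", docs + name + ".IT"),
                   (412, SAMPLE, "delete", docs + name)]
    events.append((412, SAMPLE, "delete", SAMPLE))
    # Benign editor saving a single file (hypothetical path).
    events.append((900, r"c:\program files\editor\edit.exe", "write", docs + "notes.txt"))
    return events

def detect(events, ext=".it", threshold=3):
    """Return {pid: [indicators]} for processes matching the report's pattern."""
    stats = defaultdict(lambda: {"modified": set(), "deleted": set(),
                                 "extension": set(), "self_delete": False})
    for pid, image, op, path in events:
        image, path, s = normcase(image), normcase(path), stats[pid]
        if op == "delete" and path == image:
            s["self_delete"] = True          # executable removed after running
        elif not path.startswith(USER_ROOT):
            continue                         # only user files are of interest
        elif op == "write":
            s["modified"].add(path)
        elif op == "delete":
            s["deleted"].add(path)
        elif op in ("create", "rename") and path.endswith(ext):
            s["extension"].add(path)
    findings = {}
    for pid, s in stats.items():
        hits = [k for k in ("modified", "deleted", "extension") if len(s[k]) >= threshold]
        if s["self_delete"]:
            hits.append("self_delete")
        # Mass modification alone is noisy; require a second corroborating signal.
        if "modified" in hits and len(hits) >= 2:
            findings[pid] = hits
    return findings

if __name__ == "__main__":
    print(detect(constructed_events()))
```

In production the threshold would be applied over a short time window per process, which this example omits.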