Analysis of Latest Cobra Locker ransomware sample

File detail
MD5:         4431fb78737232abbb23324ec36f459e
SHA-1:         4bb935791365ab23ac98628663a98d57df635451
SHA-256: 0b86159d631072ea71c923b2e889cb462d93227c18c4fab7a9e5ee8cb98d818c

Filename: IT.exe

With the help of VMRay Analyzer, we found the following threat indicator for this sample:

Modifies content of user files
Modifies the content of multiple user files. This is an indicator for an encryption attempt.

Deletes user files
Deletes multiple user files. This is an indicator of ransomware or wiper malware.

Hide Tracks (Delete the file after execution)
Deletes executed executable "c:\users\fd1hvy\desktop\it.exe".

After the sample execution, it starts encrypting the files in the machine and starts adding with an extension as '.IT'.

Post made by


Popular Posts