.lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 3a80ea88-cb11-493f-8203-2b238bd6d737 |
| Fingerprint | 14721aea2d372e59 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | Sept. 3, 2018, 11:56 a.m. |
| Added to db | Sept. 26, 2022, 9:31 a.m. |
| Last updated | Nov. 18, 2024, 5:20 p.m. |
| Headline | .lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data |
| Title | .lockymap Files Virus (PyLocky Ransomware) – Remove and Restore Data |
| Detected Hints/Tags/Attributes | 91/3/16 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 1 | 4wcgqlckaazungm.onion |
|
| Details | Domain | 544 | sensorstechforum.com |
|
| Details | File | 4 | 2018.exe |
|
| Details | File | 2 | locky-readme.txt |
|
| Details | File | 1207 | index.php |
|
| Details | File | 2130 | cmd.exe |
|
| Details | File | 409 | c:\windows\system32\cmd.exe |
|
| Details | File | 346 | vssadmin.exe |
|
| Details | File | 131 | tar.gz |
|
| Details | File | 2 | r.bmp |
|
| Details | sha256 | 1 | 8655f8599b0892d55efc13fea404b520858d01812251b1d25dcf0afb4684dce9 |
|
| Details | Url | 1 | https://4wcgqlckaazungm.onion/index.php |
|
| Details | Windows Registry Key | 493 | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 582 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run |
|
| Details | Windows Registry Key | 470 | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce |
|
| Details | Windows Registry Key | 480 | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce |