Locky Ransomware (Lukitus Variant) | VTI by Category
Try VMRay Analyzer
VTI Information
VTI Score
100 / 100
VTI Database Version 2.6
VTI Rule Match Count 16
VTI Rule Type Documents
Detected Threats
Arrow File System
Arrow
Create many files
Create above average number of files.
Arrow
Encrypt content of user files
Encrypt the content of multiple user files. This is an indicator for ransomware.
Arrow Network
Arrow
Download data
Url "http://calster.be/87wifhFsdf".
Url "212.109.220.109/imageload.cgi".
Arrow
Connect to HTTP server
Remote address "http://calster.be/87wifhFsdf".
Remote address "212.109.220.109/imageload.cgi".
Arrow PE
Arrow
Execute dropped PE file
Execute dropped file "c:\users\aetadzjz\appdata\local\temp\agraba8.exe".
Arrow
Drop PE file
Drop file "c:\users\aetadzjz\appdata\local\temp\agraba8.exe".
Arrow Process
Arrow
Create process
Create process "C:\Users\aETAdzjz\Desktop\lukitus.htm".
Create process "C:\Users\aETAdzjz\Desktop\lukitus.bmp".
Create process "cmd.exe /C del /Q /F "C:\Users\aETAdzjz\AppData\Local\Temp\agraba8.exe"".
Arrow VBA Macro
Arrow
Create suspicious COM object
CreateObject(VertikName)
CreateObject(AlertNE)
CreateObject(AlertN(1))
CreateObject(AlertN(3))
Arrow
Execute macro on specific worksheet event
Execute macro on "Open Document" event.
- Anti Analysis
- Browser
- Device
- OS
- Hide Tracks
- Information Stealing
- Injection
- Kernel
- Masquerade
- Persistence
- User
- YARA
Function Logfile
Download-Icon
Exit-Icon

This feature requires an online-connection to the VMRay backend.

An offline version with limited functionality is also provided.
The offline version is supported only in Mozilla Firefox with deactivated setting "security.fileuri.strict_origin_policy". 


    

   

   

    

     
      

       
       
       
       
      

     
     
     
    

   

  

  

   

    
    

     Screenshot
    

    

     Expand-Icon
    

    

     Exit-Icon
    

   

   

    

     icon_left
    

    

     icon_left
    

   

   

   

   

    image