- First seen: January 2019
- Aliases:
- Samples:
- 6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77 | windows | ransom | pe
| Property | Value |
|---|---|
| Size | 1267728 bytes |
| CRC32 | 0xc40a56df |
| MD5 | 3ebca21b1d4e2f482b3eda6634e89211 |
| SHA1 | 37cdd1e3225f8da596dc13779e902d8d13637360 |
| SHA256 | 6e69548b1ae61d951452b65db15716a5ee2f9373be05011e897c61118c239a77 |
| SHA512 | a87c8bc3e6446c1981c16965a1719716cbedc437d8439e6089cee32c9174aed2818188c7ef638b0fe8d97a2dfd79d357981f7ec5e1a45582631b96cf9a47f637 |
| Ssdeep | 24576:OtjNyN2LPDCfSXu21PpIkfQYInn9RbEhHSO+SA+GnTQ/SOM1a/nSL:SjyMmajEDYInnjEocA+GTQ/SOMY/nSL |
| Magic | PE32 executable (GUI) Intel 80386, for MS Windows |
| Packer | PE: compiler: Microsoft Visual C/C++(2017 v.15.9)[-] PE: linker: Microsoft Linker(14.16, Visual Studio 2017 15.9*)[EXE32,admin,signed] |
| TrID | 40.3% (.EXE) Win64 Executable (generic) (10523/12/4) 19.3% (.EXE) Win16 NE executable (generic) (5038/12/1) 17.2% (.EXE) Win32 Executable (generic) (4505/5/1) 7.7% (.EXE) OS/2 Executable (generic) (2029/13) 7.6% (.EXE) Generic Win/DOS Executable (2002/3) |
+ Avast: clean
+ Avira: clean
- Bitdefender: Generic.Ransom.LockerGoga.4223BE99
- Clamav: Win.Trojan.Agent-6948664-1
- Comodo: Malware
- Drweb: Trojan.Encoder.34823
- Eset: Win32/Filecoder.LockerGoga.A
- Fsecure: Heuristic.HEUR/AGEN.1362902
- Kaspersky: Trojan-Ransom.Win32.Crypren.afbk
+ Mcafee: clean
- Sophos: Troj/Ransom-FFO
- Symantec: Ransom.GoGalocker
- Trendmicro: Ransom.Win32.LOCKERGOGA.A
- Windefender: Ransom:Win32/LockerGoga- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/lockergoga-ransomware-family-used-in-targeted-attacks/
- https://blog.f-secure.com/analysis-of-lockergoga-ransomware/
- https://www.trendmicro.com/vinfo/mx/security/news/cyber-attacks/what-you-need-to-know-about-the-lockergoga-ransomware
- https://geniusjournals.org/index.php/ejmc/article/download/2132/1858
- https://www.nioguard.com/2019/03/analysis-of-lockergoga-ransomware.html
- https://www.forcepoint.com/blog/x-labs/lockergoga-ransomware-how-it-works
- https://blog.talosintelligence.com/lockergoga/