AstraLocker

ransomware, 1 mutex signature

[BASIC_INFORMATION]

FAMILY_NAME:
AstraLocker
CATEGORY:
RANSOMWARE
DESCRIPTION:
AstraLocker is a ransomware family that has been observed pushing ransomware directly from Office documents. The malware employs sophisticated techniques to evade detection and is known for its 'smash and grab' approach to file encryption. It targets organizations globally and demands payment for decryption.
ALIASES:
AstraLocker Ransomware
TAGS:
file_encryption, office_documents, extortion, smash_and_grab, cybercriminal

[MUTEX_SIGNATURES](1)

[MUTEX_01]
EncryptedWithAstraLocker
ANALYST: @adhikara13 DATE: 2024-07-16

[THREAT_INTELLIGENCE]

ATTRIBUTION:
Unknown
FIRST_OBSERVED:
2024

[STATISTICS]

MUTEX_COUNT:1
THREAT_ACTORS:1
ALIASES:1
TAGS:5
CATEGORY:RANSOMWARE

EvilMutex Project v1.0.0

Open Source Threat Intelligence Database