General
Target: 0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.zip
Size: 55KB
Sample: 200619-wq72cs2sqx
MD5: c6a6b956f14f13df9aa62b2fda1e4cf8
SHA1: 6e84b32c802fe7614e8a551f8774389697c52528
SHA256: 8a550acacdbc1bf387189702f686a6b78d5fe08286f99165f4dee4cf7ce4b662
SHA512: feee25e80a7f9cecd51b2854a4980a529d0c23d2b9ab4614f21ff33b63b04d325c4a7d26540390333f875cbf1177c12f32f87f078143fdb236bdc717e46413b3
Static task: static1
Behavioral task: behavioral1
Sample: Lockbit.bin.exe
Resource: win7
Behavioral task: behavioral2
Sample: Lockbit.bin.exe
Resource: win10
Malware Config
Extracted
C:\Program Files\7-Zip\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?D0407AC9D97C78CBCEB996649AC036A0
Extracted
C:\odt\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?D0407AC9D97C78CBBA0A23576F9C683E
Targets
Target: Lockbit.bin
Size: 101KB
MD5: 889328e2cf5f5d74531b9b0a25c1871c
SHA1: d14a6e699a1f0805bd1248c80c2dc9dfccf0f403
SHA256: 0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f
SHA512: f14ed75d97d2cd7e351f3cf75f9f374c2e9e388a1f5855a478d50b098b1250a67e375bdbd193b24d00bc052e0b3f8018cb3e74760be8c40b860be9f3d0ba2493
Score: 10/10
Deletes system backup catalog
Ransomware often tries to delete backup files to inhibit system recovery.
Modifies boot configuration data using bcdedit
Deletes itself
Adds Run entry to start application
Drops desktop.ini file(s)
Enumerates connected drives
Modifies service
Sets desktop wallpaper using registry