General
- Target: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.sample
- Size: 546KB
- Sample: 210726-22dp4eyfsx
- MD5: e4179bca5bf5b1fd51172d629f5521f8
- SHA1: 488e532e55100da68eaeee30ba342cc05810e296
- SHA256: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75
- SHA512: 9370d3a2b8d118de6396909b0ca3c1e62e374020ddb0c8a94713f0b596391f20008797509abf300f2241327fe1bfa3338623a56b9be55bd013b6b56e26430035
Tasks
- Static task: static1
- Behavioral task: behavioral1
  - Sample: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.sample.exe
  - Resource: win7v20210410
- Behavioral task: behavioral2
  - Sample: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.sample.exe
  - Resource: win10v20210408
Malware Config
- Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
  - Family: lockbit
  - URL: http://lockbitks2tvnmwk.onion/?92727EE520AEBC7DCF6A6E2621246736
- Extracted from: C:\odt\Restore-My-Files.txt
  - Family: lockbit
  - URL: http://lockbitks2tvnmwk.onion/?92727EE520AEBC7D95864A87426F34D0
Targets
- Target: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.sample (546KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- Score: 10/10

Signatures
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext