General
Target
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.sample
Size
101KB
Sample
210726-xj4y3ja14a
MD5
889328e2cf5f5d74531b9b0a25c1871c
SHA1
d14a6e699a1f0805bd1248c80c2dc9dfccf0f403
SHA256
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f
SHA512
f14ed75d97d2cd7e351f3cf75f9f374c2e9e388a1f5855a478d50b098b1250a67e375bdbd193b24d00bc052e0b3f8018cb3e74760be8c40b860be9f3d0ba2493
Static task
static1
Behavioral task
behavioral1
Sample
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.sample.exe
Resource
win7v20210410
Behavioral task
behavioral2
Sample
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.sample.exe
Resource
win10v20210410
Malware Config
Extracted
C:\Program Files\7-Zip\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?D0407AC9D97C78CBA1AA33BD82C41D84
Extracted
C:\odt\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?D0407AC9D97C78CBDD2363781C3C4EE2
Targets
Target
0e66029132a885143b87b1e49e32663a52737bbff4ab96186e9e5e829aa2915f.sample
Score
10/10
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Deletes itself
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Sets desktop wallpaper using registry