Overview

overview

10

Static

static

8

2a23fac4cf...in.exe

windows7_x64

10

2a23fac4cf...in.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a.bin

  • Size

    250KB

  • Sample

    210828-4864w5kqna

  • MD5

    1f0a89360bb9471af8b2b1136eafd65f

  • SHA1

    a7bd3592ff31c5c659cda9810936ddce842d6590

  • SHA256

    2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a

  • SHA512

    c696ee6a3a65cf01f120724c8536d14bbdc5283e6a62e1a26454629ea30c4015d62c1ba6139ca158f9952d6028ea7d9a1f76a4d2adad4e3a377d06607f5ad031

Score
10/10
lockfileransomwarespywarestealerupx

Malware Config

Extracted

Path

C:\Users\Public\LOCKFILE-README.hta

Family

lockfile

Ransom Note
LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: [email protected] Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use
URLs

https://tox.chat/download.html

http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Targets

    • Target

      2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a.bin

    • Size

      250KB

    • MD5

      1f0a89360bb9471af8b2b1136eafd65f

    • SHA1

      a7bd3592ff31c5c659cda9810936ddce842d6590

    • SHA256

      2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a

    • SHA512

      c696ee6a3a65cf01f120724c8536d14bbdc5283e6a62e1a26454629ea30c4015d62c1ba6139ca158f9952d6028ea7d9a1f76a4d2adad4e3a377d06607f5ad031

    Score
    10/10
    lockfileransomwarespywarestealer

    • LockFile

      LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

      ransomwarelockfile

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks