2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a.bin

General

Target: 2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a.bin
Size: 250KB
Sample: 210828-4864w5kqna
Score: 10/10
MD5: 1f0a89360bb9471af8b2b1136eafd65f
SHA1: a7bd3592ff31c5c659cda9810936ddce842d6590
SHA256: 2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a
SHA512: c696ee6a3a65cf01f120724c8536d14bbdc5283e6a62e1a26454629ea30c4015d62c1ba6139ca158f9952d6028ea7d9a1f76a4d2adad4e3a377d06607f5ad031

Malware Config (extracted)

Path: C:\Users\Public\LOCKFILE-README.hta
Family: lockfile

Ransom Note:
LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: contact@contipauper.com Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use
Emails: contact@contipauper.com

URLs:
  • https://tox.chat/download.html
  • http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Targets

Target: 2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a.bin
Signatures

  • LockFile

    Description

    LockFile is a ransomware family that emerged in July 2021 and was deployed through the ProxyShell vulnerabilities.

  • Drops file in Drivers directory

  • Modifies extensions of user files

    Description

    Ransomware generally changes the extension on encrypted files.

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials.

    TTPs

    Data from Local System
    Credentials in Files

  • Drops file in System32 directory

MITRE ATT&CK Matrix

  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1: 8/10