Overview

overview

10

Static

static

svchost.exe

windows7_x64

10

svchost.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    svchost.exe

  • Size

    272KB

  • Sample

    210830-yrelqgrq7a

  • MD5

    35ebfdabce6eac99d7849916182486d1

  • SHA1

    ea77ddfb8947e5145928937170e8eb29973d05fd

  • SHA256

    84d9ef8cb92d57b178cce655f3f7808c6f5cf42f15c468f741b253f37ffc39fc

  • SHA512

    ea7e7303fa17634c635fa7f0f9a3c3957c52f74bd871d98c54df9ebb1237fa917c6b09293327b815c9793e9374a6d4b92342fc8c0b5f80954797b77ebaa158c6

Score
10/10
lockbitevasionransomwaretrojan

Malware Config

Extracted

Path

C:\Restore-My-Files.txt

Family

lockbit

Ransom Note
All your important files are encrypted! There is only one way to get your files back: 1. Contact with us 2. Send us 1 any encrypted your file and your personal id 3. We will decrypt 1 file for test(maximum file size - 2MG), it is guarantee what we can decrypt your files 4. Pay 5. We send for you decryptor software We accept Bitcoin Attention! Do not rename encrypted files. Do not try to decrypt using third party software, it may cause permanent data loss. Decryption of your files with the help if third parties may cause increase price(they add their fee to our) Contact information: [email protected] Be sure to duplicate your message on the e-mail: [email protected] Your personal id: C9265D77

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\info.hta

Ransom Note
Loki locker All your important files have been encrypted If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message C9265D77 In case of no answer in 24 hours write us to this e-mail: [email protected] Free decryption as guarantee Before paying you can send us 1 file for free decryption. The total size of files must be less than 2Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Extracted

Path

C:\Restore-My-Files.txt

Family

lockbit

Ransom Note
All your important files are encrypted! There is only one way to get your files back: 1. Contact with us 2. Send us 1 any encrypted your file and your personal id 3. We will decrypt 1 file for test(maximum file size - 2MG), it is guarantee what we can decrypt your files 4. Pay 5. We send for you decryptor software We accept Bitcoin Attention! Do not rename encrypted files. Do not try to decrypt using third party software, it may cause permanent data loss. Decryption of your files with the help if third parties may cause increase price(they add their fee to our) Contact information: [email protected] Be sure to duplicate your message on the e-mail: [email protected] Your personal id: 2991A971

Extracted

Path

C:\Users\Admin\AppData\Local\Temp\info.hta

Ransom Note
Loki locker All your important files have been encrypted If you want to restore them, write us to the e-mail [email protected] Write this ID in the title of your message 2991A971 In case of no answer in 24 hours write us to this e-mail: [email protected] Free decryption as guarantee Before paying you can send us 1 file for free decryption. The total size of files must be less than 2Mb (non archived), and files should not contain valuable information. (databases,backups, large excel sheets, etc.) How to obtain Bitcoins The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price. https://localbitcoins.com/buy_bitcoins Also you can find other places to buy Bitcoins and beginners guide here: http://www.coindesk.com/information/how-can-i-buy-bitcoins/ Attention! Do not rename encrypted files. Do not try to decrypt your data using third party software, it may cause permanent data loss. Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.

Targets

    • Target

      svchost.exe

    • Size

      272KB

    • MD5

      35ebfdabce6eac99d7849916182486d1

    • SHA1

      ea77ddfb8947e5145928937170e8eb29973d05fd

    • SHA256

      84d9ef8cb92d57b178cce655f3f7808c6f5cf42f15c468f741b253f37ffc39fc

    • SHA512

      ea7e7303fa17634c635fa7f0f9a3c3957c52f74bd871d98c54df9ebb1237fa917c6b09293327b815c9793e9374a6d4b92342fc8c0b5f80954797b77ebaa158c6

    Score
    10/10
    lockbitevasionransomwaretrojan

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

      ransomwarelockbit

    • Modifies Windows Defender Real-time Protection settings

      evasiontrojan

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomware

    • Modifies Windows Firewall

      evasion

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Drops startup file

    • Drops desktop.ini file(s)

    • Sets desktop wallpaper using registry

      ransomware
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks