Overview

overview

10

Static

static

8

cafe54e85c...15.exe

windows7_x64

10

cafe54e85c...15.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cafe54e85c539671c94abdeb4b8adbef3bde8655006003088760d04a86b5f915

  • Size

    250KB

  • Sample

    210922-p196xsfbgr

  • MD5

    f08e24f57501f2c4e009b6a7d9249e99

  • SHA1

    cb590e4eaab33bba84082f3acbe01f35e1ce710f

  • SHA256

    cafe54e85c539671c94abdeb4b8adbef3bde8655006003088760d04a86b5f915

  • SHA512

    6f4305c80a49d234ffe423c08512c1685208bcc557d2e18cdff30757ad7b77c51d73046a44cb88bfe6fc31549bbd393a7bd100d1ece26ac3f56cb0e41c4cdb75

Score
10/10
lockfileransomwarespywarestealerupx

Malware Config

Extracted

Path

C:\Users\Public\LOCKFILE-README.hta

Family

lockfile

Ransom Note
LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: [email protected] Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use
URLs

https://tox.chat/download.html

http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Targets

    • Target

      cafe54e85c539671c94abdeb4b8adbef3bde8655006003088760d04a86b5f915

    • Size

      250KB

    • MD5

      f08e24f57501f2c4e009b6a7d9249e99

    • SHA1

      cb590e4eaab33bba84082f3acbe01f35e1ce710f

    • SHA256

      cafe54e85c539671c94abdeb4b8adbef3bde8655006003088760d04a86b5f915

    • SHA512

      6f4305c80a49d234ffe423c08512c1685208bcc557d2e18cdff30757ad7b77c51d73046a44cb88bfe6fc31549bbd393a7bd100d1ece26ac3f56cb0e41c4cdb75

    Score
    10/10
    lockfileransomwarespywarestealer

    • LockFile

      LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

      ransomwarelockfile

    • Drops file in Drivers directory

    • Modifies extensions of user files

      Ransomware generally changes the extension on encrypted files.

      ransomware

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks