General
Target: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49
Size: 629KB
Sample: 220315-vxyavadhe8
MD5: 551d134c5769726aa49edcf2881e3ab6
SHA1: fbe0582e76999e1cb36c4fc330f60cbafa65081a
SHA256: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49
SHA512: e13d966b7bccc7cf2a5b2043323a53c5c766dd7fc30b3633d2d34ae7efe2cdd75817aba78d39bcb128a02717224536ee24356ef5021171121d5966d3d275d6a2
Behavioral task: behavioral1
Sample: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
Family: lockbit
URLs:
- http://lockbit-decryptor.top/?9B7FDA8D33FEC3F99DE5A3FAC03EF9BB
- http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F99DE5A3FAC03EF9BB
Extracted from: C:\odt\Restore-My-Files.txt
Family: lockbit
URLs:
- http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9CD7580AE26F5F73C
- http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9CD7580AE26F5F73C
Targets
Target: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49
Size: 629KB
MD5: 551d134c5769726aa49edcf2881e3ab6
SHA1: fbe0582e76999e1cb36c4fc330f60cbafa65081a
SHA256: a6d63a54b5be86d1874d96f25ef8e85c0683ea4d32796931f3241466589a3a49
SHA512: e13d966b7bccc7cf2a5b2043323a53c5c766dd7fc30b3633d2d34ae7efe2cdd75817aba78d39bcb128a02717224536ee24356ef5021171121d5966d3d275d6a2
Score: 10/10
- Modifies boot configuration data using bcdedit
- Checks computer location settings (looks up the country code configured in the registry, likely a geofence)
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger