General
Target: dd8d547af63fe3934931c7113af5eff72147fb55f0dc633a1bd0af9bc621c83d
Size: 629KB
Sample: 220315-y72msseadn
MD5: 5982636f09b4cf37916955e91e0ad63b
SHA1: 660ec44bf0a329125b838765413343eebf091921
SHA256: dd8d547af63fe3934931c7113af5eff72147fb55f0dc633a1bd0af9bc621c83d
SHA512: f5b80194bb3919a2e1de83ce78467701a7d7ce864aca19d3d7379090dcbb5ad3e757404350a0de0a44ef440621c1507742a094f23fe59dbc0aab50a3b32b01f3
Behavioral task: behavioral1
Sample: dd8d547af63fe3934931c7113af5eff72147fb55f0dc633a1bd0af9bc621c83d.exe
Resource: win7-20220310-en
Behavioral task: behavioral2
Sample: dd8d547af63fe3934931c7113af5eff72147fb55f0dc633a1bd0af9bc621c83d.exe
Resource: win10v2004-20220310-en
Malware Config
Extracted
C:\Program Files\7-Zip\Lang\Restore-My-Files.txt
lockbit
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9B0E237B22759EFD4
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9B0E237B22759EFD4
Extracted
C:\odt\Restore-My-Files.txt
lockbit
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9D07078BE4A397ECE
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9D07078BE4A397ECE
Targets
Target: dd8d547af63fe3934931c7113af5eff72147fb55f0dc633a1bd0af9bc621c83d
Score: 10/10
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger