General

Target: 97dc0777cadf1db157c5bb345a82a0757da92eb21d6a7402e11ea3e2d6209605
Size: 152KB
Sample: 220415-hlvz5aaecr
MD5: d6404f089ef2bfb45a8a890fdb30b980
SHA1: e7a5369e72ecc7b013b124a8c2ada9918a3ef930
SHA256: 97dc0777cadf1db157c5bb345a82a0757da92eb21d6a7402e11ea3e2d6209605
SHA512: 36a3ef42420beaacac79d7d2863ec7f67f83be7ad8c9863fede4d84ad79d093a1d103ad8989bb60fb9f7db09a7558429d141768fcdca49b91789be43dcbe0426
Static task: static1

Behavioral task: behavioral1
Sample: 97dc0777cadf1db157c5bb345a82a0757da92eb21d6a7402e11ea3e2d6209605.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: 97dc0777cadf1db157c5bb345a82a0757da92eb21d6a7402e11ea3e2d6209605.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted from: C:\Program Files\7-Zip\Lang\Restore-My-Files.txt
Family: lockbit
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9CD9E338A11EDDD73
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9CD9E338A11EDDD73

Extracted from: C:\odt\Restore-My-Files.txt
Family: lockbit
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9C80E2F8C607C5BB0
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9C80E2F8C607C5BB0
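The two ransom notes above point at the same clearnet and onion hosts but carry different query-string IDs. The following Python is an added example, not code from the sandbox or from the malware analysis: it parses notes of this shape into a de-duplicated IOC set (hostnames, the onion address, the IDs) and measures how much of the two IDs is shared. The note text is constructed from the report's URLs only; the rest of the note's wording is not on the page and is deliberately left out rather than invented.

```python
import re
from urllib.parse import urlparse

# Ransom-note contents constructed from the two "Extracted" entries in the
# report above: only the URLs are on the page, so the rest of the note text
# is omitted rather than invented.
NOTE_7ZIP_LANG = """\
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9CD9E338A11EDDD73
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9CD9E338A11EDDD73
"""
NOTE_ODT = """\
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9C80E2F8C607C5BB0
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9C80E2F8C607C5BB0
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# The ID is the bare query string (no key=value): 32 upper-case hex digits.
ID_RE = re.compile(r"^[0-9A-F]{32}$")


def parse_note(text):
    """Pull URLs, hostnames and the ID out of one ransom note."""
    urls = URL_RE.findall(text)
    hosts = sorted({urlparse(u).hostname for u in urls})
    ids = sorted({urlparse(u).query for u in urls
                  if ID_RE.match(urlparse(u).query)})
    return {"urls": urls, "hosts": hosts, "ids": ids}


def collect_iocs(notes):
    """Merge several notes into one de-duplicated IOC set."""
    hosts, ids, onion = set(), set(), set()
    for text in notes:
        parsed = parse_note(text)
        hosts.update(parsed["hosts"])
        ids.update(parsed["ids"])
        onion.update(h for h in parsed["hosts"] if h.endswith(".onion"))
    return {"hosts": sorted(hosts), "ids": sorted(ids), "onion": sorted(onion)}


def common_prefix_len(a, b):
    """Length of the leading run of characters two IDs have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    iocs = collect_iocs([NOTE_7ZIP_LANG, NOTE_ODT])
    print(iocs)
    first, second = iocs["ids"]
    print("shared ID prefix length:", common_prefix_len(first, second))
```

On this host the two IDs agree on their first 17 hex characters and diverge after that, so an indicator keyed on the full ID from one note would not match the other; the two hostnames are the stable part of these notes and are the better hunting indicator.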
Targets

Target: 97dc0777cadf1db157c5bb345a82a0757da92eb21d6a7402e11ea3e2d6209605
Score: 10/10

Signatures:
- Modifies boot configuration data using bcdedit
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
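A detection pass over the four behaviours listed above, written as an added example and not code from the sandbox. It runs over constructed process, registry and API events; the report lists the signatures but not the underlying events, so the bcdedit arguments, the Run value name and the use of `Control Panel\International\Geo\Nation` as the country-code lookup are assumptions about what each behaviour typically looks like on Windows, not data from this run.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    kind: str    # "process" (command line), "registry" (key path) or "api" (call)
    detail: str


# Constructed sample events. The report lists the four behaviours but not the
# log lines behind them, so the bcdedit arguments, the Run value name and the
# Geo\Nation path below are assumptions, not data taken from the sandbox run.
SAMPLE_EVENTS = [
    Event("process", r"C:\Windows\System32\bcdedit.exe /set {default} recoveryenabled no"),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HypotheticalValue"),
    Event("registry", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("api", "NtSetInformationThread(ThreadHideFromDebugger)"),
    # Benign noise that must not fire anything.
    Event("process", r"C:\Windows\System32\notepad.exe Restore-My-Files.txt"),
    Event("registry", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer"),
]

# (signature name as the report phrases it, event kind it applies to, pattern)
SIGNATURES = [
    ("Modifies boot configuration data using bcdedit", "process",
     re.compile(r"(?i)\bbcdedit(?:\.exe)?\b.*\s/(?:set|deletevalue|delete)\b")),
    ("Adds Run key to start application", "registry",
     re.compile(r"(?i)\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\")),
    ("Checks computer location settings", "registry",
     re.compile(r"(?i)\\Control Panel\\International\\Geo\\Nation$")),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", "api",
     re.compile(r"NtSetInformationThread\(ThreadHideFromDebugger\)")),
]


def match_signatures(events):
    """Map each signature name to the event details that triggered it."""
    hits = {}
    for name, kind, pattern in SIGNATURES:
        for ev in events:
            if ev.kind == kind and pattern.search(ev.detail):
                hits.setdefault(name, []).append(ev.detail)
    return hits


if __name__ == "__main__":
    for name, details in match_signatures(SAMPLE_EVENTS).items():
        print(f"[{name}]")
        for d in details:
            print("   ", d)
```

The bcdedit rule keys on the `/set` and `/delete*` verbs rather than on the process name alone, because bcdedit is also run read-only by administrators; the Geo\Nation read on its own is weak evidence and only becomes interesting alongside the boot-config change and the Run key write, which is how the report's combined score should be read.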