General
  Target: 0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
  Size: 628KB
  Sample: 220427-wj1dqabgeq
  MD5: c2e08dbd62f3121911275d0931e64780
  SHA1: 48d1e2e0795a51c116412636632c9160fd1ffcea
  SHA256: 0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
  SHA512: 61694a4372f9461447f03fd50b7ad3af61fa64b9dfeb569979c4f3b9900d3b96aa365fd787f447135dea213e3e2e25ef2496a83332ff257abd3d35b5f927ba86
Behavioral tasks
  behavioral1
    Sample: 0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61.exe
    Resource: win7-20220414-en
  behavioral2
    Sample: 0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61.exe
    Resource: win10v2004-20220414-en
Malware Config
  Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
    Family: lockbit
    URLs:
      http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9DB236228DDE80C43
      http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9DB236228DDE80C43
  Extracted from: C:\odt\Restore-My-Files.txt
    Family: lockbit
    URLs:
      http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9ACD85970BF3493CB
      http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9ACD85970BF3493CB
Targets
  Target: 0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
  Size: 628KB
  Hashes (MD5/SHA1/SHA256/SHA512): identical to the General section above (same sample)
  Score: 10/10
  Signatures:
    Modifies boot configuration data using bcdedit
    Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
    Adds Run key to start application
    Suspicious use of NtSetInformationThreadHideFromDebugger