General
Target: 4a6a4a676a1369817d1a278ffa3339f768b74da335a7713340be32e896dab0df
Size: 172KB
Sample: 220427-wj9x6abgfq
MD5: 381a0e44684c6ae8172006b4a7ccac35
SHA1: 921cdbc1deb538b7e0c262055c21329b0f5cf4e5
SHA256: 4a6a4a676a1369817d1a278ffa3339f768b74da335a7713340be32e896dab0df
SHA512: 8259eb0e684d81e03574295f0487b07b9640469bd7f55aceda619ce8554734dded6f6342f7a8952510d40a471b385f8cf4180a60ecc157b39a040836715a6a1c
Static task: static1
Behavioral task: behavioral1
  Sample: 4a6a4a676a1369817d1a278ffa3339f768b74da335a7713340be32e896dab0df.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 4a6a4a676a1369817d1a278ffa3339f768b74da335a7713340be32e896dab0df.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
  Family: lockbit
  http://lockbit-decryptor.top/?9E834EF1D6581820B315FB1A103748FD
  http://lockbitks2tvnmwk.onion/?9E834EF1D6581820B315FB1A103748FD
Extracted from: C:\odt\Restore-My-Files.txt
  Family: lockbit
  http://lockbit-decryptor.top/?9E834EF1D6581820C84FF459F2DB65DE
  http://lockbitks2tvnmwk.onion/?9E834EF1D6581820C84FF459F2DB65DE
Targets
Target: 4a6a4a676a1369817d1a278ffa3339f768b74da335a7713340be32e896dab0df (size and hashes as listed under General)
Score: 10/10
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger