General
Target: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0
Size: 519KB
Sample: 220427-wjmsmabgdr
MD5: 143411ffaba8cee48679bf4c6f0f18d1
SHA1: 9bece5871acce99982454c8cc8c41c4633115d41
SHA256: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0
SHA512: 9f5cbfd291e50f88c04c756e877d7ddac275edcb949f7a6d02898570d5bd374fbd587fd0e1c03406e321396feadaa1309ecad22270710cd784c3eab8a4cd401d
Behavioral task: behavioral1
Sample: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0.exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0.exe
Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
Family: lockbit
URL: http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9C1830EF8F26439FF
URL: http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9C1830EF8F26439FF
Extracted from: C:\odt\Restore-My-Files.txt
Family: lockbit
URL: http://lockbit-decryptor.top/?9B7FDA8D33FEC3F9A88137322BCB99E3
URL: http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F9A88137322BCB99E3
Targets
Target: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0
Size: 519KB
MD5: 143411ffaba8cee48679bf4c6f0f18d1
SHA1: 9bece5871acce99982454c8cc8c41c4633115d41
SHA256: 98dc3c468bce7392fe475fd4a20f3b6db05b62b0ba5493f6daaa8b8bffba21f0
SHA512: 9f5cbfd291e50f88c04c756e877d7ddac275edcb949f7a6d02898570d5bd374fbd587fd0e1c03406e321396feadaa1309ecad22270710cd784c3eab8a4cd401d
Score: 10/10
Signatures:
Modifies boot configuration data using bcdedit
Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
Adds Run key to start application
Suspicious use of NtSetInformationThreadHideFromDebugger