General
Target: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338
Size: 174KB
Sample: 220503-sgtavahhd4
MD5: c303d6dbdf135c20cdf95f6e6f3c6bac
SHA1: 62b370fcfbb7799db5a94852e9906bc0f5d022bc
SHA256: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338
SHA512: a10710f8db1a112c367c5890946f514e3fb74194168f249715ab7b714b62b6e7b5495c39ea180c5835378cff36f4a583d775a4fed041e6b78ce1cae43b2dff03
Static task: static1
Behavioral task: behavioral1
  Sample: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
Family: lockbit
URLs:
  http://lockbit-decryptor.top/?DFB941278EE2558CC77DB2A44D86A15C
  http://lockbitks2tvnmwk.onion/?DFB941278EE2558CC77DB2A44D86A15C
Extracted from: C:\odt\Restore-My-Files.txt
Family: lockbit
URLs:
  http://lockbit-decryptor.top/?DFB941278EE2558CAFF23A13E7009C60
  http://lockbitks2tvnmwk.onion/?DFB941278EE2558CAFF23A13E7009C60
Both ransom notes point at the same clearnet and .onion decryptor hosts; only the query-string token differs between the two note locations, so the hosts are the stable indicator to pivot on, not the full URL.
Targets
Target: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338
Size: 174KB
MD5: c303d6dbdf135c20cdf95f6e6f3c6bac
SHA1: 62b370fcfbb7799db5a94852e9906bc0f5d022bc
SHA256: 6ceea39b7ac9ae4c9560e9fa6a6174da4f17b83e33896ddbb54d2bcd9b163338
SHA512: a10710f8db1a112c367c5890946f514e3fb74194168f249715ab7b714b62b6e7b5495c39ea180c5835378cff36f4a583d775a4fed041e6b78ce1cae43b2dff03
Score: 10/10
Signatures:
  Modifies boot configuration data using bcdedit
  Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
  Adds Run key to start application
  Suspicious use of NtSetInformationThreadHideFromDebugger
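As an added example (not part of this report and not the sandbox's own signature engine), the Python pass below maps constructed sandbox-style events to the four behavioral signatures listed above. The event format, the registry paths checked (the Nation value under Control Panel\International\Geo for the country code, the CurrentVersion\Run key for persistence) and the bcdedit command lines are assumptions chosen for illustration; the report itself does not show the sample's command lines or registry paths.

```python
"""Map sandbox/EDR-style events to the behavioral signatures in the report.

Added example; the events below are constructed, not taken from the report.
"""
import re

# THREADINFOCLASS value for ThreadHideFromDebugger in ntdll (0x11 = 17).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Registry locations used by the checks (assumed for this example).
GEO_KEY_RE = re.compile(r"\\Control Panel\\International\\Geo$", re.IGNORECASE)
RUN_KEY_RE = re.compile(
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.IGNORECASE
)

# Constructed sample trace: process creations, registry operations, native API calls.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"type": "process", "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} bootstatuspolicy IgnoreAllFailures"},
    {"type": "registry", "op": "query",
     "key": r"HKCU\Control Panel\International\Geo", "value": "Nation"},
    {"type": "registry", "op": "set",
     "key": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
     "value": "Updater", "data": r"C:\Users\Public\sample.exe"},
    {"type": "api", "name": "NtSetInformationThread",
     "args": {"ThreadInformationClass": THREAD_HIDE_FROM_DEBUGGER}},
    {"type": "process", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe"},  # benign control event
]


def _is_bcdedit_modification(ev):
    """bcdedit.exe invoked with a store-modifying verb (not a plain /enum)."""
    if ev.get("type") != "process":
        return False
    image = ev.get("image", "").lower()
    tokens = ev.get("cmdline", "").lower().split()
    return image.endswith("bcdedit.exe") and any(
        verb in tokens for verb in ("/set", "/delete", "/deletevalue")
    )


def _is_geofence_lookup(ev):
    """Read of the configured country code (Geo\\Nation)."""
    return (ev.get("type") == "registry" and ev.get("op") == "query"
            and GEO_KEY_RE.search(ev.get("key", "")) is not None
            and ev.get("value", "").lower() == "nation")


def _is_run_key_persistence(ev):
    """Write under a Run/RunOnce key."""
    return (ev.get("type") == "registry" and ev.get("op") == "set"
            and RUN_KEY_RE.search(ev.get("key", "")) is not None)


def _is_hide_from_debugger(ev):
    """NtSetInformationThread with ThreadHideFromDebugger (0x11)."""
    return (ev.get("type") == "api" and ev.get("name") == "NtSetInformationThread"
            and ev.get("args", {}).get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER)


# Signature names match the report; predicates are this example's own logic.
SIGNATURES = [
    ("Modifies boot configuration data using bcdedit", _is_bcdedit_modification),
    ("Checks computer location settings", _is_geofence_lookup),
    ("Adds Run key to start application", _is_run_key_persistence),
    ("Suspicious use of NtSetInformationThreadHideFromDebugger", _is_hide_from_debugger),
]


def run_detections(events):
    """Return the names of signatures triggered by at least one event, in SIGNATURES order."""
    return [name for name, pred in SIGNATURES if any(pred(ev) for ev in events)]


def matching_events(events, signature_name):
    """Return the events behind one signature, for the evidence column of a triage note."""
    pred = dict(SIGNATURES)[signature_name]
    return [ev for ev in events if pred(ev)]


if __name__ == "__main__":
    for name in run_detections(SAMPLE_EVENTS):
        print(name)
        for ev in matching_events(SAMPLE_EVENTS, name):
            print("   ", ev)
```

The bcdedit predicate keys on store-modifying verbs rather than on the image name alone, because `bcdedit /enum` is routine administrative activity; the debugger check compares the THREADINFOCLASS value rather than the call name, since NtSetInformationThread is used legitimately with other classes.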