General
Target: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.bin
Size: 546KB
Sample: 220504-s4rersebg8
MD5: e4179bca5bf5b1fd51172d629f5521f8
SHA1: 488e532e55100da68eaeee30ba342cc05810e296
SHA256: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75
SHA512: 9370d3a2b8d118de6396909b0ca3c1e62e374020ddb0c8a94713f0b596391f20008797509abf300f2241327fe1bfa3338623a56b9be55bd013b6b56e26430035
Static task: static1
Behavioral task behavioral1: Sample ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.exe, Resource win7-20220414-en
Behavioral task behavioral2: Sample ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.exe, Resource win10v2004-20220414-en
Malware Config
Extracted from C:\Program Files\7-Zip\Restore-My-Files.txt (lockbit): http://lockbitks2tvnmwk.onion/?92727EE520AEBC7DB8E773E254FA48E7
Extracted from C:\odt\Restore-My-Files.txt (lockbit): http://lockbitks2tvnmwk.onion/?92727EE520AEBC7DB1078D09CA0FAD57
Targets
Target: ca57455fd148754bf443a2c8b06dc2a295f014b071e3990dd99916250d21bc75.bin (546KB; MD5, SHA1, SHA256 and SHA512 as listed under General above)
Score: 10/10
Signatures:
- Modifies boot configuration data using bcdedit
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
- Uses the VBS compiler for execution
- Adds Run key to start application
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext