General
-
Target
0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
-
Size
628KB
-
Sample
220506-r8jp2scfhp
-
MD5
c2e08dbd62f3121911275d0931e64780
-
SHA1
48d1e2e0795a51c116412636632c9160fd1ffcea
-
SHA256
0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
-
SHA512
61694a4372f9461447f03fd50b7ad3af61fa64b9dfeb569979c4f3b9900d3b96aa365fd787f447135dea213e3e2e25ef2496a83332ff257abd3d35b5f927ba86
Behavioral task
behavioral1
Sample
0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61.exe
Resource
win10-20220414-en
Malware Config
Extracted
C:\odt\Restore-My-Files.txt
lockbit
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F997360F45C651CD80
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F997360F45C651CD80
Extracted
C:\Users\Admin\Desktop\LockBit-note.hta
http://lockbit-decryptor.top/?9B7FDA8D33FEC3F997360F45C651CD80
http://lockbitks2tvnmwk.onion/?9B7FDA8D33FEC3F997360F45C651CD80
Targets
-
-
Target
0d71cbd1e262b6abbbcc2f09ff3fad26549ba5d5b8f547ba2dd24b84f17afb61
-
Score
10/10
-
Modifies boot configuration data using bcdedit
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Adds Run key to start application
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-