General
Target: 911335e3c9b76528173864bbab46c2a579b7e5d168f5f8a476f834c2987f9514
Size: 191KB
Sample: 220508-glrr2abfdq
MD5: c98471a44aaba2193f8509d08c0b6801
SHA1: 7693d62fe3b7521c4af4acdf85e2f12e94761470
SHA256: 911335e3c9b76528173864bbab46c2a579b7e5d168f5f8a476f834c2987f9514
SHA512: b56513e09175f6cc95af4104462a7314a8d4ef7819fdfc506ebf155d444cbbf96a5e3edf0a6374540b5498a3e8bea2925a4405858834beb795a2690db61f7773
Static task: static1
Behavioral task: behavioral1
  Sample: 911335e3c9b76528173864bbab46c2a579b7e5d168f5f8a476f834c2987f9514.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 911335e3c9b76528173864bbab46c2a579b7e5d168f5f8a476f834c2987f9514.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
  Family: lockbit
  URLs:
  http://lockbit-decryptor.top/?96B283EF5B7ACD4CAC43816FE754BECC
  http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CAC43816FE754BECC
Extracted from: C:\odt\Restore-My-Files.txt
  Family: lockbit
  URLs:
  http://lockbit-decryptor.top/?96B283EF5B7ACD4CAFA3A6A68E5A0970
  http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CAFA3A6A68E5A0970
Targets
Target: 911335e3c9b76528173864bbab46c2a579b7e5d168f5f8a476f834c2987f9514
Size: 191KB
Score: 10/10
Signatures:
- Modifies boot configuration data using bcdedit
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger