General
Target: 1474d0e701fbe05b740d7a88e64a2785c74fec9b500f0a9bc84e0d1091bd4ba8
Size: 371KB
Sample: 220508-gmjg2sbffk
MD5: aee36519b4b8b7a08daaaf6be304da8d
SHA1: 836961f5e016a2240a4088071cecb22064e1fc44
SHA256: 1474d0e701fbe05b740d7a88e64a2785c74fec9b500f0a9bc84e0d1091bd4ba8
SHA512: bf721f5bbd7f80d1ec4d8d56cbd59ffe75f7978a902c39891a4d6e1410d957291357fcbe1b6858ad68ab36cf301930e05e28c91090bca7b8d14ecadd5cac9f93
Static task: static1
Behavioral task: behavioral1
  Sample: 1474d0e701fbe05b740d7a88e64a2785c74fec9b500f0a9bc84e0d1091bd4ba8.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 1474d0e701fbe05b740d7a88e64a2785c74fec9b500f0a9bc84e0d1091bd4ba8.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
Family: lockbit
URLs:
  http://lockbit-decryptor.top/?96B283EF5B7ACD4CAFF60AC8C075E649
  http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CAFF60AC8C075E649
Extracted from: C:\odt\Restore-My-Files.txt
Family: lockbit
URLs:
  http://lockbit-decryptor.top/?96B283EF5B7ACD4CB0221EE5B5D41430
  http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CB0221EE5B5D41430
Targets
Target: 1474d0e701fbe05b740d7a88e64a2785c74fec9b500f0a9bc84e0d1091bd4ba8 (371KB; same file and hashes as listed under General above)
Score: 10/10
Signatures:
- Modifies boot configuration data using bcdedit
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence check.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger