General
Target: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297
Size: 184KB
Sample: 220508-t2vj3sfdbn
MD5: 112c68cbae5ed25313f277f0a7721ecf
SHA1: 5a7420f8fe3b81647714b16eed52bfc3ce149d5a
SHA256: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297
SHA512: fd433cefa7e9a9e0edf85d068644e0749bc260d17ef31dd25b953a5ca2e69a974a491c285c503b6aa3588ea2e5d4a5d9015c8f4f25746f3905a443d6ba4c143a

Static task
static1

Behavioral task
behavioral1
Sample: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
Path: C:\Program Files\7-Zip\Restore-My-Files.txt
Family: lockbit
URLs:
http://lockbit-decryptor.top/?96B283EF5B7ACD4CC03BD35F28F1ECAF
http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CC03BD35F28F1ECAF

Extracted
Path: C:\odt\Restore-My-Files.txt
Family: lockbit
URLs:
http://lockbit-decryptor.top/?96B283EF5B7ACD4CEE742FEA30A7A123
http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CEE742FEA30A7A123

Targets
Target: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297
Size: 184KB
MD5: 112c68cbae5ed25313f277f0a7721ecf
SHA1: 5a7420f8fe3b81647714b16eed52bfc3ce149d5a
SHA256: c2b9c0a1456fdf1ad57b1662920394a7b5eea096517e0e934397b0092ed66297
SHA512: fd433cefa7e9a9e0edf85d068644e0749bc260d17ef31dd25b953a5ca2e69a974a491c285c503b6aa3588ea2e5d4a5d9015c8f4f25746f3905a443d6ba4c143a
Score: 10/10

Signatures
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger