General
Target: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b
Size: 2.3MB
Sample: 220509-atwbvsbfe2
MD5: 8ec9406a3cd9df4fa81bf0b881d658bc
SHA1: dc105db20ff05bb49571ce13e02a22e819f08614
SHA256: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b
SHA512: f2be631d6e26dc15059dc353c83bd3d7708617a605fdbcaccbeddf9a60c263e43d83f371aa8502d8597cc9d98a505afe1cac88961b4a166194c724bf05138940
Static task: static1
Behavioral task: behavioral1
  Sample: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted from: C:\Program Files\7-Zip\Lang\Restore-My-Files.txt
  lockbit
  http://lockbit-decryptor.top/?8CF3E3C381B4E3E2DD6218830EAB1937
  http://lockbitks2tvnmwk.onion/?8CF3E3C381B4E3E2DD6218830EAB1937
Extracted from: C:\Program Files\7-Zip\Restore-My-Files.txt
  lockbit
  http://lockbit-decryptor.top/?8CF3E3C381B4E3E2C3E99C5CAB5B114F
  http://lockbitks2tvnmwk.onion/?8CF3E3C381B4E3E2C3E99C5CAB5B114F
Targets
Target: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b
Size: 2.3MB
MD5: 8ec9406a3cd9df4fa81bf0b881d658bc
SHA1: dc105db20ff05bb49571ce13e02a22e819f08614
SHA256: 23c44d16bda85b39985a20749cb6a3b997d2ea3fd41b38beff2918458a86de0b
SHA512: f2be631d6e26dc15059dc353c83bd3d7708617a605fdbcaccbeddf9a60c263e43d83f371aa8502d8597cc9d98a505afe1cac88961b4a166194c724bf05138940
Score: 10/10
- Modifies boot configuration data using bcdedit
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger