General
Target: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e
Size: 242KB
Sample: 220512-nt9q5sdba4
MD5: 5f280e312f4b1e5b6ed2b6011bc81fd0
SHA1: 4688cd7a7fa45cd4ba2fc7dd2cdb1e7bde05c8ad
SHA256: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e
SHA512: a0f5f5da986f32c6c249770fdbe1e7d23ff737ef084b0c8cb6d6fdb3551e76f68cecb109f84020e5915531a003fbf997b86a89086caf2cecc7f64663ef36feda

Static task
static1

Behavioral task
behavioral1
Sample: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e.exe
Resource: win7-20220414-en

Behavioral task
behavioral2
Sample: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e.exe
Resource: win10v2004-20220414-en

Malware Config
Extracted
C:\Program Files\7-Zip\Restore-My-Files.txt
lockbit
http://lockbit-decryptor.top/?96B283EF5B7ACD4CE514760E6C76DD19
http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CE514760E6C76DD19

Extracted
C:\odt\Restore-My-Files.txt
lockbit
http://lockbit-decryptor.top/?96B283EF5B7ACD4CD8F82CD385F7B7D4
http://lockbitks2tvnmwk.onion/?96B283EF5B7ACD4CD8F82CD385F7B7D4

Targets
Target: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e
Size: 242KB
MD5: 5f280e312f4b1e5b6ed2b6011bc81fd0
SHA1: 4688cd7a7fa45cd4ba2fc7dd2cdb1e7bde05c8ad
SHA256: 33c05bb54f0fce069d75a4e13e90f0a130baff6e0d39d9782a3f467abd02803e
SHA512: a0f5f5da986f32c6c249770fdbe1e7d23ff737ef084b0c8cb6d6fdb3551e76f68cecb109f84020e5915531a003fbf997b86a89086caf2cecc7f64663ef36feda
Score: 10/10

Signatures
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger