General
Target: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce
Size: 472KB
Sample: 220525-pfpdqaecbp
MD5: 7e250f427d3a3c977331e0f959cbda5d
SHA1: c0098a524b6b78e95cddba3f91782e2ec1c9f8a9
SHA256: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce
SHA512: 5057755e7dcacba2bd9dbd28e4e43c7c6901a6820d01ba2cefc0c94d0ec6e71e2cda8f86a9d59334d99496f95b1389bcf0a4af9748dbca9d8e6ac6d62ab64575
Static task: static1
Behavioral task: behavioral1
  Sample: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce.exe
  Resource: win7-20220414-en
Behavioral task: behavioral2
  Sample: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce.exe
  Resource: win10v2004-20220414-en
Malware Config
Extracted: C:\Program Files\7-Zip\Restore-My-Files.txt
  lockbit
  http://lockbit-decryptor.top/?8841DD9B0AC925FF8CDB45FA32C58795
  http://lockbitks2tvnmwk.onion/?8841DD9B0AC925FF8CDB45FA32C58795
Extracted: C:\odt\Restore-My-Files.txt
  lockbit
  http://lockbit-decryptor.top/?8841DD9B0AC925FFEA072C230E6C6E86
  http://lockbitks2tvnmwk.onion/?8841DD9B0AC925FFEA072C230E6C6E86
Targets
Target: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce
Size: 472KB
MD5: 7e250f427d3a3c977331e0f959cbda5d
SHA1: c0098a524b6b78e95cddba3f91782e2ec1c9f8a9
SHA256: 581b977029692c0b8599660f84374c9516275dd348f3ad62dab47dcc7fc44dce
SHA512: 5057755e7dcacba2bd9dbd28e4e43c7c6901a6820d01ba2cefc0c94d0ec6e71e2cda8f86a9d59334d99496f95b1389bcf0a4af9748dbca9d8e6ac6d62ab64575
Score: 10/10
- Modifies boot configuration data using bcdedit
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger