General
Target: LockBit30.zip
Size: 883KB
Sample: 220922-d9btyahge7
MD5: eb0fc44bc167b51b4a9badfe7ab8be19
SHA1: b2137a18c6fea8b0d34fe93db10a610a8b895c42
SHA256: d2942c6c19e67220d72bfb9a30b019627b950ff0fa8669a475d5730ff5097112
SHA512: 14245cccfcddbf8319d6f942e93cb739a48c700463c62f97cfa343245e84eb4b33afda4beb44088252d5fd51ed3c54d91147abac55ae5aa23b5827b6959944c7
SSDEEP: 12288:jS6n00zw5jtHfpKTZaNzjsRHaMWHT+sOZOZdYKsqh4EzwkMeWgY1NmyESPB1/a2W:Xnb2ZHB2ZUjqHaMQ8+i9lgYSS5c
Behavioral task: behavioral1
Sample: LockBit30.zip
Resource: win10-20220812-en
Malware Config
Extracted: blackmatter 25.239
Extracted: C:\ZImkTWSLZ.README.txt (dropped ransom note; the contacts and URLs below were pulled from it)
598954663666452@exploit.im
365473292355268@thesecure.biz
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
http://lockbitapt.uz
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
https://twitter.com/hashtag/lockbit?f=live
http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
http://lockbitsupp.uz
https://tox.chat/download.html
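The indicators above are only useful once they are pulled out of the note, deduplicated and checked for transcription damage. The script below is an added example (not code from the sandbox report or from the sample): it extracts the contact addresses, .onion services, their .onion.ly clearnet mirrors and the plain-web URLs from a note body, and runs each .onion host through the Tor v3 address checksum (base32 of PUBKEY | CHECKSUM | VERSION, with CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2]), so a mangled address is flagged before it lands in a blocklist. The note body is constructed for the example and contains only the indicators listed above; `encode_v3_onion` is a helper added to round-trip the check.

```python
"""Extract and sanity-check contact indicators from a LockBit-style ransom note.

Added example; not code from the sandbox report or from the sample. The note
body is CONSTRUCTED and wraps only the indicators the report extracted.
"""
import base64
import hashlib
import re

# Constructed note body: real note text is not reproduced, only the indicators.
SAMPLE_NOTE = """
Contact: 598954663666452@exploit.im
Contact: 365473292355268@thesecure.biz
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion
http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion
http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion
http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion
http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion
http://lockbitapt.uz
http://lockbitapt2yfbt7lchxejug47kmqvqqxvvjpqkmevv4l3azl3gy6pyd.onion.ly
http://lockbitapt5x4zkjbcqmz6frdhecqqgadevyiwqxukksspnlidyvd7qd.onion.ly
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion.ly
http://lockbitapt34kvrip6xojylohhxrwsvpzdffgs5z4pbbsywnzsbdguqd.onion.ly
http://lockbitaptc2iq4atewz2ise62q63wfktyrl4qtwuk5qax262kgtzjqd.onion.ly
http://lockbitaptjpikdqjynvgozhgc6bgetgucdk5xjacozeaawihmoio6yd.onion.ly
http://lockbitaptq7ephv2oigdncfhtwhpqgwmqojnxqdyhprxxfpcllqdxad.onion.ly
http://lockbitaptstzf3er2lz6ku3xuifafq2yh5lmiqj5ncur6rtlmkteiqd.onion.ly
http://lockbitaptoofrpignlz6dt2wqqc5z3a4evjevoa3eqdfcntxad5lmyd.onion.ly
https://twitter.com/hashtag/lockbit?f=live
http://lockbitsupt7nr3fa6e7xyb73lk6bw6rcneqhoyblniiabj4uwvzapqd.onion
http://lockbitsupuhswh4izvoucoxsbnotkmgq6durg7kficg6u33zfvq3oyd.onion
http://lockbitsupn2h6be2cnqpvncyhj4rgmnwn44633hnzzmtxdvjoqlp7yd.onion
http://lockbitsupp.uz
https://tox.chat/download.html
"""

ONION_URL = re.compile(r"https?://([a-z2-7]{56})\.onion(\.ly)?\b")
CONTACT = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
ANY_URL = re.compile(r"https?://\S+")


def is_valid_v3_onion(host: str) -> bool:
    """Tor v3 address check: base32(PUBKEY[32] | CHECKSUM[2] | VERSION[1]),
    CHECKSUM = SHA3-256(".onion checksum" | PUBKEY | VERSION)[:2], VERSION = 3.
    A single wrong character from a copy or extraction error fails this."""
    label = host[:-6] if host.endswith(".onion") else host
    if not re.fullmatch(r"[a-z2-7]{56}", label):
        return False
    raw = base64.b32decode(label.upper())  # 56 chars -> 35 bytes, no padding
    pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
    if version != b"\x03":
        return False
    expected = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return checksum == expected


def encode_v3_onion(pubkey: bytes) -> str:
    """Inverse of the check: build a v3 address from a 32-byte ed25519 public key."""
    version = b"\x03"
    checksum = hashlib.sha3_256(b".onion checksum" + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode().lower() + ".onion"


def extract_iocs(note: str) -> dict:
    """Group the note's indicators so each class can be blocked or hunted separately."""
    onion_hosts, mirror_hosts = set(), set()
    for label, mirror in ONION_URL.findall(note):
        onion_hosts.add(label + ".onion")
        if mirror:  # clearnet proxy of the same hidden service
            mirror_hosts.add(label + ".onion.ly")
    clearnet = {u for u in ANY_URL.findall(note) if not ONION_URL.match(u)}
    return {
        "onion_hosts": sorted(onion_hosts),
        "mirror_hosts": sorted(mirror_hosts),
        "clearnet_urls": sorted(clearnet),
        "contacts": sorted(set(CONTACT.findall(note))),
        "malformed_onions": sorted(h for h in onion_hosts if not is_valid_v3_onion(h)),
    }


if __name__ == "__main__":
    for key, values in extract_iocs(SAMPLE_NOTE).items():
        print(f"{key} ({len(values)}):")
        for value in values:
            print("   ", value)
```

The .onion.ly mirrors resolve on the clearnet, so they belong in DNS and proxy blocklists while the .onion hosts themselves are only reachable through Tor; keeping the two sets apart avoids pushing useless entries to either control. A non-empty `malformed_onions` list means the address was damaged somewhere between the note and your feed and should not be trusted as an indicator.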
Targets
Target: LockBit30.zip (883KB; hashes as listed under General)
Score: 10/10
Executes dropped EXE
Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
Drops desktop.ini file(s)
Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger: an anti-debugging call; a thread with ThreadHideFromDebugger set no longer delivers debug events to an attached debugger.
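The "Modifies extensions of user files" signature fires on a pattern, not on any one file: many files in user directories gain the same previously unseen extension within seconds. The detector below is an added example (not code from the sandbox or from the sample) that applies that heuristic to a stream of rename events: it groups renames by the extension gained, keeps a sliding time window per extension, ignores extensions that legitimately churn during editor save cycles, and raises one alert per extension once the burst crosses a threshold. The event records and the `.ZImkTWSLZ` extension are constructed for the example; the extension is inferred from the dropped note's file name and is not something the report states.

```python
"""Flag bursts of extension changes on user files, the behaviour behind the
report's "Modifies extensions of user files" signature.

Added example; not code from the sandbox or from the sample. The rename events
are CONSTRUCTED, and the ".ZImkTWSLZ" extension is an assumption taken from the
name of the dropped note (ZImkTWSLZ.README.txt), not a fact the report states.
"""
from collections import defaultdict, deque
from dataclasses import dataclass
import os


@dataclass(frozen=True)
class RenameEvent:
    ts: float        # seconds; any monotonic clock the log source provides
    old_path: str
    new_path: str


# Extensions that legitimately appear in rename storms (editor saves, downloads).
BENIGN_EXTENSIONS = frozenset({".tmp", ".bak", ".part", ".crdownload"})


def new_extension(ev: RenameEvent):
    """Return the extension the file gained, or None if the rename kept it."""
    old_ext = os.path.splitext(ev.old_path)[1]
    new_ext = os.path.splitext(ev.new_path)[1]
    return new_ext if new_ext and new_ext != old_ext else None


def detect_rename_bursts(events, window=10.0, threshold=5):
    """Alert when >= threshold files gain the same extension inside `window` seconds.

    One alert per extension; it keeps growing while the burst continues, so its
    'paths' list is the set of files renamed inside the last window."""
    recent = defaultdict(deque)  # gained extension -> (ts, new_path) inside the window
    alerts = {}
    for ev in sorted(events, key=lambda e: e.ts):
        ext = new_extension(ev)
        if ext is None or ext.lower() in BENIGN_EXTENSIONS:
            continue
        q = recent[ext]
        q.append((ev.ts, ev.new_path))
        while q and ev.ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            alert = alerts.setdefault(ext, {"extension": ext, "first_ts": q[0][0]})
            alert["last_ts"] = ev.ts
            alert["paths"] = [path for _, path in q]
    return list(alerts.values())


# Constructed event stream: eight documents renamed in under a second, plus noise.
DOCS = r"C:\Users\alice\Documents"


def doc(name: str) -> str:
    return DOCS + "\\" + name


SAMPLE_EVENTS = [
    RenameEvent(100.0 + i / 10, doc(name), doc(name + ".ZImkTWSLZ"))
    for i, name in enumerate(["budget.xlsx", "report.docx", "photo1.jpg", "photo2.jpg",
                              "thesis.pdf", "backup.zip", "notes.txt", "slides.pptx"])
] + [
    RenameEvent(100.25, doc("draft.docx"), doc("draft.docx.tmp")),  # editor save cycle
    RenameEvent(105.0, doc("readme.txt"), doc("readme.md")),        # one manual rename
]

if __name__ == "__main__":
    for alert in detect_rename_bursts(SAMPLE_EVENTS):
        print(f"{alert['extension']}: {len(alert['paths'])} files "
              f"between t={alert['first_ts']} and t={alert['last_ts']}")
        for path in alert["paths"]:
            print("   ", path)
```

Tune `window` and `threshold` to the host: a file server sees far more legitimate renames per second than a workstation, and the benign set should carry whatever backup or sync agents on the estate append during their own rename cycles. Feed the detector from whatever rename telemetry you have (file-system auditing, EDR file events); the event shape here is only the minimum that the heuristic needs.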