General
Target: LB3_ReflectiveDll_DllMain-cyt.dll
Size: 1MB
Sample: 220925-lf7craebc8
MD5: a0238fac8e650339116bbb380066d949
SHA1: fcd5d98edcc42d320694185c7224a8168b1e8db2
SHA256: 5428902b4c844160cb0ee6282a078cbf24d87d46b061ede83ef21682d474cc15
SHA512: 5cc4adad36858a340edff775cc46d2b16515a919231cd4a8cb75929fd2ac02e2037a00c7a4c5620af05e5d842ea5f8a04ef7e2597cdddeb35f23465fac36f48d
SSDEEP: 24576:As6VSLLsktePr7vfObQywjVhK6at0EO1Z/wMmM6z/OQb2iZIiylxvl6tqbSwbWV:xgSLJmXviQyK/F1x6DBUN6Dq0
Static task: static1
Behavioral task: behavioral1
Sample: LB3_ReflectiveDll_DllMain-cyt.dll
Resource: win7-20220901-en
Malware Config
Extracted
Ransom note path: C:\1GLtau6EZ.README.txt
Email: filedecryptionsupport@msgsafe.io
URL: https://t.me/bl00dy_Ransomware_Gang
Targets
Target: LB3_ReflectiveDll_DllMain-cyt.dll (1MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Score: 10/10
Signatures
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Executes dropped EXE
- Modifies extensions of user files: ransomware generally changes the extension on encrypted files.
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Deletes itself
- Identifies Wine through registry keys: Wine is a compatibility layer capable of running Windows applications, which can be used as a sandboxing environment.
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
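The anti-analysis and file-renaming signatures listed above are the kind of thing a triage rule matches against an API trace. The following Python is an added example, not Triage's signature engine and not code from the sample: it parses a constructed "Api(key=value, ...)" trace and maps each of the report's signature labels to the trace lines that trigger it. The registry paths, the 0x11 ThreadHideFromDebugger information class, and the ".1GLtau6EZ" extension used in the constructed trace are assumptions about what such a sample reads or writes, not facts recovered from this report.

```python
"""Match anti-analysis and ransomware behaviours in a sandbox API trace.

Added example for this report, not Triage's own signature code. The trace
below is constructed to look like a generic "Api(key=value, ...)" log; real
sandbox exports use their own layouts, so adapt parse_line() accordingly.
"""
import re

# Registry locations commonly read to fingerprint the environment. The labels
# mirror the signature names in the report; the paths are well-known
# artefacts and an assumption here, not values recovered from this sample.
REGISTRY_INDICATORS = [
    (re.compile(r"HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", re.I),
     "Identifies VirtualBox via ACPI registry values"),
    (re.compile(r"HARDWARE\\DESCRIPTION\\System\\(System|Video)Bios", re.I),
     "Checks BIOS information in registry"),
    (re.compile(r"Control Panel\\International\\Geo\\Nation", re.I),
     "Checks computer location settings"),
    (re.compile(r"SOFTWARE\\(Wow6432Node\\)?Wine\b", re.I),
     "Identifies Wine through registry keys"),
]
REGISTRY_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "NtOpenKey", "NtQueryValueKey"}
RENAME_APIS = {"MoveFileW", "MoveFileExW"}
THREAD_HIDE_FROM_DEBUGGER = 0x11  # THREADINFOCLASS value for ThreadHideFromDebugger

LINE_RE = re.compile(r"^(?P<api>\w+)\((?P<args>.*)\)\s*$")


def parse_line(line):
    """Split 'Api(k=v, k2=v2)' into (api, {k: v}); returns (None, {}) on junk."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None, {}
    kv = {}
    for part in m.group("args").split(", "):
        key, _, value = part.partition("=")
        kv[key.strip()] = value.strip()
    return m.group("api"), kv


def classify(api, kv):
    """Return the signature labels one parsed call triggers (possibly none)."""
    hits = []
    if api in REGISTRY_APIS:
        # Re-join handle, subkey and value name into one path so a single
        # pattern covers both RegOpenKey and RegQueryValue style calls.
        path = "\\".join(kv[k] for k in ("hKey", "subKey", "valueName") if k in kv)
        hits += [label for pat, label in REGISTRY_INDICATORS if pat.search(path)]
    elif api == "NtSetInformationThread":
        try:
            info_class = int(kv.get("ThreadInformationClass", "-1"), 0)
        except ValueError:
            info_class = -1
        if info_class == THREAD_HIDE_FROM_DEBUGGER:
            hits.append("Suspicious use of NtSetInformationThreadHideFromDebugger")
    elif api in RENAME_APIS:
        old, new = kv.get("existing", ""), kv.get("new", "")
        old_ext = old.rsplit(".", 1)[-1].lower() if "." in old else ""
        new_ext = new.rsplit(".", 1)[-1].lower() if "." in new else ""
        # A user-profile document gaining a different extension is the classic
        # ransomware tell; system paths are left out to cut noise.
        if "\\users\\" in old.lower() and new_ext and new_ext != old_ext:
            hits.append("Modifies extensions of user files")
    return hits


def scan_trace(trace):
    """Map each triggered signature label to the 1-based trace lines that hit it."""
    report = {}
    for lineno, line in enumerate(trace.splitlines(), 1):
        if not line.strip():
            continue
        api, kv = parse_line(line)
        for label in classify(api, kv):
            report.setdefault(label, []).append(lineno)
    return report


# Constructed trace: eight calls in the shape a sandbox might export. The
# ".1GLtau6EZ" extension on the last line is assumed, not taken from the report.
SAMPLE_TRACE = """\
RegOpenKeyExW(hKey=HKLM, subKey=HARDWARE\\ACPI\\DSDT\\VBOX__)
RegQueryValueExW(hKey=HKLM\\HARDWARE\\DESCRIPTION\\System, valueName=SystemBiosVersion)
RegQueryValueExW(hKey=HKCU\\Control Panel\\International\\Geo, valueName=Nation)
RegOpenKeyExW(hKey=HKCU, subKey=SOFTWARE\\Wine)
NtSetInformationThread(ThreadHandle=0xfffffffe, ThreadInformationClass=0x11)
RegOpenKeyExW(hKey=HKLM, subKey=SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run)
CreateFileW(fileName=C:\\Users\\user\\Documents\\report.docx)
MoveFileExW(existing=C:\\Users\\user\\Documents\\report.docx, new=C:\\Users\\user\\Documents\\report.docx.1GLtau6EZ)
"""

if __name__ == "__main__":
    for label, lines in scan_trace(SAMPLE_TRACE).items():
        print(f"{label}: trace lines {lines}")
```

The benign Run-key lookup on line 6 and the plain CreateFileW on line 7 produce no hits, which is the point of matching on specific paths and on the extension actually changing rather than on any registry or file activity.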