General
-
Target
lockbit.exe
-
Size
146KB
-
Sample
221005-s357jafacl
-
MD5
fed98c2820ca40c228ef080ddf68e994
-
SHA1
c61dd67fa85a6e3e1cf48512263a7097d0eac80e
-
SHA256
943d4c645f76f0d0494cb9ceca513e83a45e738bc2db71360116716720f4bed4
-
SHA512
6a9705d55b322e17e1f4d5380cf895e61ea89cdeca53e1b62833b0a37bafd3b785c8ee8625b4198c132741ad024d949eeb34053ef391a955540a8b836c5c1ca3
-
SSDEEP
1536:LzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDuKaUTGiblZ8FvBq5dF9n4KkPqD:0qJogYkcSNm9V7DxGDcYqg6lT
Static task
static1
Behavioral task
behavioral1
Sample
lockbit.exe
Resource
win7-20220812-en
Malware Config
Targets
-
-
Target
lockbit.exe
-
Size
146KB
-
MD5
fed98c2820ca40c228ef080ddf68e994
-
SHA1
c61dd67fa85a6e3e1cf48512263a7097d0eac80e
-
SHA256
943d4c645f76f0d0494cb9ceca513e83a45e738bc2db71360116716720f4bed4
-
SHA512
6a9705d55b322e17e1f4d5380cf895e61ea89cdeca53e1b62833b0a37bafd3b785c8ee8625b4198c132741ad024d949eeb34053ef391a955540a8b836c5c1ca3
-
SSDEEP
1536:LzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDuKaUTGiblZ8FvBq5dF9n4KkPqD:0qJogYkcSNm9V7DxGDcYqg6lT
Score8/10-
Executes dropped EXE
-
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
-
Deletes itself
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-