Resubmissions

03/05/2023, 06:56

230503-hqll9adh35 10

02/05/2023, 10:00

230502-l1wfzsae76 10

28/01/2023, 20:32

230128-zbct8sgc59 10

28/01/2023, 20:31

230128-za2rzahf8x 3

23/01/2023, 21:24

230123-z9hhdafe87 10

23/01/2023, 21:19

230123-z6jw2afe75 10

23/01/2023, 21:08

230123-zy4apsfe37 10

23/01/2023, 20:56

230123-zrhenafd86 10

23/01/2023, 16:41

230123-t7eqtafg6t 10

23/01/2023, 16:29

230123-tzremseb62 10

General

  • Target

    lawsuit.zip

  • Size

    8.5MB

  • Sample

    230123-zy4apsfe37

  • MD5

    01ccead2e9497ce04ab0c2531320224d

  • SHA1

    9b7ebc4d8f97b0e7463a382f3b748a4be48a06a1

  • SHA256

    c898a07ac3e02231a48bf55bd8828d4c77c7ea3c5cfe80e9eec44c81cb476cbb

  • SHA512

    25a07ce5f211dfef00939eb61084675991b72d859ddd39db0d1e5af591811675cec30cc9a6ce397ad2d2abbcc60faff02e556bf8ff6c86045b8d23e6843c04cb

  • SSDEEP

    98304:w9D8TiRYDS2JAVvOhwGw7Kn7iL/ji7BmdAMdT+a3bRQXR5s6PX2STjwmZ0nZSmAL:M+K2JgmwwOL7cLy+aW5puAjgtp5YVr

Malware Config

Extracted

Path

C:\odt\Restore-My-Files.txt

Family

lockbit

Ransom Note

All your important files are encrypted! Any attempts to restore your files with the thrid-party software will be fatal for your files! RESTORE YOU DATA POSIBLE ONLY BUYING private key from us. There is only one way to get your files back: 1) Through a standard browser(FireFox, Chrome, Edge, Opera) | 1. Open link http://lockbit-decryptor.top/?85C01E35FD24495C8D4BE000C8177E65 | 2. Follow the instructions on this page 2) Through a Tor Browser - recommended | 1. Download Tor browser - https://www.torproject.org/ and install it. | 2. Open link in TOR browser - http://lockbitks2tvnmwk.onion/?85C01E35FD24495C8D4BE000C8177E65 This link only works in Tor Browser! | 3. Follow the instructions on this page ### Attention! ### # lockbit-decryptor.top may be blocked. We recommend using a Tor browser to access the site # Do not rename encrypted files. # Do not try to decrypt using third party software, it may cause permanent data loss. # Decryption of your files with the help of third parties may cause increased price(they add their fee to our). # Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. # Tor Browser user manual https://tb-manual.torproject.org/about

URLs

http://lockbit-decryptor.top/?85C01E35FD24495C8D4BE000C8177E65

http://lockbitks2tvnmwk.onion/?85C01E35FD24495C8D4BE000C8177E65

Targets

    • Target

      lawsuit.zip

    • Size

      8.5MB

    • MD5

      01ccead2e9497ce04ab0c2531320224d

    • SHA1

      9b7ebc4d8f97b0e7463a382f3b748a4be48a06a1

    • SHA256

      c898a07ac3e02231a48bf55bd8828d4c77c7ea3c5cfe80e9eec44c81cb476cbb

    • SHA512

      25a07ce5f211dfef00939eb61084675991b72d859ddd39db0d1e5af591811675cec30cc9a6ce397ad2d2abbcc60faff02e556bf8ff6c86045b8d23e6843c04cb

    • SSDEEP

      98304:w9D8TiRYDS2JAVvOhwGw7Kn7iL/ji7BmdAMdT+a3bRQXR5s6PX2STjwmZ0nZSmAL:M+K2JgmwwOL7cLy+aW5puAjgtp5YVr

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Modifies boot configuration data using bcdedit

    • Deletes backup catalog

      Uses wbadmin.exe to inhibit system recovery.

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2

    • Detected potential entity reuse from brand microsoft.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v6

Tasks