General
Target: 이력서12.zip
Size: 783KB
Sample: 230321-bc12fsaa8z
MD5: b84ad67ac5e6bda5b67396ff1ad0a60d
SHA1: ad992ac91210fd828225f4fd133e822aed3207e5
SHA256: 9916a835c20ea3eb75657f34eeb0fa152e72b374954bea087445d7e383e68455
SHA512: 0e80408a147b3a29a802b97dbab0819bdd509792f3d1a0e91e4c29cf5258820eb9ca7764584757b20ebbc8609881e330af5d0f44c8eb5b3b18d18479f07a6f71
SSDEEP: 12288:SuP7bSmQucJGzJUpkc+MKqApglBZfDnBGk3Pbv9NyutE04mbPW:pDckJU/OqBJnLpK0t7W
Static task: static1
Behavioral task: behavioral1
Sample: 이력서12/[[[이력서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Resource: win7-20230220-en
Behavioral task: behavioral2
Sample: 이력서12/[[[이력서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Resource: win10v2004-20230220-en
Behavioral task: behavioral3
Sample: 이력서12/[[[지원서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Resource: win7-20230220-en
Behavioral task: behavioral4
Sample: 이력서12/[[[지원서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Resource: win10v2004-20230221-en
Malware Config
Extracted: vidar
3
889f306780b9cb1c51407e1397fad1d6
https://t.me/zaskullz
https://steamcommunity.com/profiles/76561199486572327
http://135.181.87.234:80
profile_id_v2: 889f306780b9cb1c51407e1397fad1d6
Extracted: C:\Program Files\Java\jdk1.7.0_80\db\Restore-My-Files.txt
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
https://bigblog.at
http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion
http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
https://decoding.at
Extracted: C:\Program Files\Java\jdk1.8.0_66\Restore-My-Files.txt
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
https://bigblog.at
http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion
http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion
https://decoding.at
Extracted: C:\Users\Admin\Desktop\LockBit_Ransomware.hta
https://decoding.at/
http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion/or
https://decoding.at
http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion
https://bigblog.at
Targets
Target: 이력서12/[[[이력서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Size: 411KB
MD5: fc2f9d2feb5b6b27ea26c52b94a5b13b
SHA1: 3782ee4101c30324a1ad34085e77ab5687f2f4f5
SHA256: c3aebf9aaf4344ec8327a9a95490a3f8cc7bcb77f178ef91c17ddb39e486d095
SHA512: f28e11b32ada626d01b975ccc0a0521f1e802ed395c6f42a328637fe5ac7c8d1f54bce8f9c2b3beb33b86bcd033db815dfa353d63d1ea65a655d3e792ca6b7b8
SSDEEP: 6144:GtwL4KduKVxtS+5oT2Xt6POVKE6wzcQdzNzjSImZnV0coMdL:GtwEKkuXe2cPOsc7d5zjYZV0BuL
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Loads dropped DLL
Accesses cryptocurrency files/wallets, possible credential harvesting
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
Target: 이력서12/[[[지원서_230319]]] 경력사항도 같이 기재하였습니다 잘 부탁드립니다.exe
Size: 618KB
MD5: 1a87ef8545c41b63e977257b9ca28783
SHA1: 332ac4f7d6bc9475056c6e10c14354b241294c4e
SHA256: 3dd1f4cf287d2ba8351863bdd909e74e5e30248f89c0229e5b4ed3f2dca35728
SHA512: f5c4aa9dd8a7eb3b5ff8d91979dd3f3ca49fd33511949887af36ef0456561039dd494f542e686846b018e2f5f08a3e0cd23eb80c8052fa71641a52bd65e72fd6
SSDEEP: 12288:rq5fNDCg6rovkRyuWtVgs37kyRoO5tOt5Uf1gGiJw/Rqthu8EgGL:mbCg6EYy5gS79RoO5tOrGi0sbpG
Score: 10/10
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
Modifies boot configuration data using bcdedit
Modifies extensions of user files
Ransomware generally changes the extension on encrypted files.
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
Adds Run key to start application
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger