Overview

overview

10

Static

static

10

1f0a89360b...5f.exe

windows7-x64

10

1f0a89360b...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1f0a89360bb9471af8b2b1136eafd65f

  • Size

    250KB

  • Sample

    231230-2thvbahfa4

  • MD5

    1f0a89360bb9471af8b2b1136eafd65f

  • SHA1

    a7bd3592ff31c5c659cda9810936ddce842d6590

  • SHA256

    2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a

  • SHA512

    c696ee6a3a65cf01f120724c8536d14bbdc5283e6a62e1a26454629ea30c4015d62c1ba6139ca158f9952d6028ea7d9a1f76a4d2adad4e3a377d06607f5ad031

  • SSDEEP

    6144:bAr3VCaIjpP65V3Q400RwDym6flM5OPh2r:bAr3VCMP00RwDymd5Uh2r

Score
10/10
lockfileransomwarespywarestealerupx

Malware Config

Extracted

Path

C:\Users\LOCKFILE-README-GLTGRJAG-1704392475.hta

Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="x-ua-compatible" content="ie=9"><title>LOCKFILE</title><hta:application id=LOCKFILE applicationName=LOCKFILE icon=explorer.exe selection=yes scroll=no contextmenu=no innerBorder=no windowState=maximize minimizeButton=no singleInstance=yes sysMenu=no /><link rel="stylesheet" href="public/css/test.css"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>html{font-size:100%}body{position:relative;border:0;font-family:Arial;padding:1% 0 0 0;margin:0;width:100vw;height:100vh;overflow:hidden}*{font-size:1rem}.g1{content:"";position:absolute;left:0;top:50%;transform:translateY(-50%);height:368px;width:150px;z-index:-1}.g2{z-index:-1;content:"";position:absolute;right:0;top:50%;transform:translateY(-50%);height:368px;width:150px}.container{width:90%;margin:auto}.container img{max-width:100%}.ht{margin-bottom:1%;position:relative;padding-left:16px;font-weight:900;font-size:1rem;line-height:100%;letter-spacing:.05em;text-transform:uppercase;color:#dedede}.hb{margin-bottom:1%}.hb img{width:850px;max-width:100%}.hi{margin-bottom:1rem;background:#fcfcfd;border:1px dashed #f71b3a;box-sizing:border-box;border-radius:4px;padding:1rem 3rem;width:100%}.hit{margin-bottom:1%;font-weight:bold;font-size:.9rem;line-height:100%;color:#222}.hib{font-weight:bold;font-size:.9rem;line-height:100%;color:#f71b3a}.main-p{font-weight:bold;font-size:1rem;line-height:125%;color:#333160}.mn{position:absolute;width:5%;height:276px;top:3rem}.mn img{max-width:90%}.ml1{position:absolute;width:50%;height:10rem;left:0;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.ml2{position:absolute;width:50%;height:13rem;left:0;top:11rem;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.mr3{position:absolute;padding:2% 2%;width:48%;height:24rem;left:52%;top:0;background:#ffdfdf;border:1px solid #ffa5aa;box-sizing:border-box;border-radius:4px;font-size:15px;line-height:130%}.mlb{font-size:.8rem;line-height:1.2;color:#8988a4;margin-top:2%;margin-bottom:2%}.mlb img{max-width:14px}.sp1{left:0;top:50%;position:absolute;display:block;width:6px;height:6px;background:#f71b3a;transform:translateY(-50%) rotate(135deg)}.mll{font-size:.9rem;line-height:1.2;color:#333160;margin-bottom:2%;position:relative;padding-left:20px}.mll a{font-size:.8rem}.mlt{margin-bottom:15px;font-weight:bold;font-size:.9rem;line-height:1.2;color:#333160}.mlt img{max-width:14px;position:relative}.mrli{font-size:.9rem;line-height:1.2;margin-bottom:2%;position:relative;padding-left:25px}.mrli a{font-size:.9rem}</style><script type="text/javascript">function o(c){var d=new ActiveXObject("WScript.Shell");d.run(c.href)};</script></head><body bgcolor=#F8F8F8 text="buttontext"><img class="g1" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXw8PDv7+81SmF7AAAAAXRSTlMBN+Ho8AAAAWpJREFUeAHt1slxBCEMhWFRs3AkhA7BIRAahEYIDoEQOM5CIfvOX2V5nwWOX+8t6RWirzIt1QamGayDaQY7gSlZBTuBKVkBO4ENMM1gFayBdTAly2AV7ATWwQaYZrACVsFOYB1sgClZBitgDewE1sGG0ZSsGK2CNbATWP/YDC/t6K9uYDsqe4Kyb/Pflx0Y9mUEC9CrHnrVgeHgRLANhimA+fkniAPDaU9gERJgI4PoCWAe0mMH5sAgytgSWIQMJdvIIC6D0TwZFGRnNEcGhSOT71iai/4ti39mJyim9bxly27TdFpkFayBnYzWly1btuxH7AVMElgAc2CSwCJYAPNgDkzIElgE24wWwLzRdkZzRpPvWFom+rPmjLYzmjda+EY/R7AEZpxBDxZuyPyN2+7Gzd2hya1buiFTmzmwHZgHiw+8l1q27PTD1r5h1WjFaBlMZhtG62AnsAZWwDKYzNbBGliZbchs9Z3eAJcyeuremDsyAAAAAElFTkSuQmCC"><img class="g2" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXv7+/w8PB6KHGJAAAAAnRSTlP/AZKwANwAAAGJSURBVHgB7dSHbQMhFMbxh1xQZwQWyA6MdozGCBmBEVB3QRApF3wk77P80l34q/+uH4Xqx56JWSRmO+LmuSXi5rll4haBEbcMLAEL3Apx2wFLwAIw4paB7YBFYAEYcSvAdsASsAjMAyNuBVgGtgMWheaBEbcitJ3QErAILADzwEhmBVheQGfig9ssncgCqyeLjfRioZkFVhfzb7QCZjrrbtesNJu4qbpYbo8AZjrbtUcAc52l9lhuqnYWZ1sB072F2Qww25ufzV2y9nrAKjfVW5ltJTTdW57NCM32tjtv7pKl2SahVZmpdxY/ZasvWXg1/cNmftX82fMsOg+YvVobNmxHvAgsAPPQ/rPRaDR64qQzN8dNVW4amAXmgE3cVOW2AqaBGaFZYA7YJLQqMyW01TdMQxu2+oYpoZHUJqE5YFZoBpgGtgJGyCZg7opsunKr123qBm115aavyFZCU9/ZDwywW2k08j9s4RsWhZaEtgOWgRWhVWQeWACWgO2AZWAVWQCWgBVg7MQX+2SwUiS8JcwAAAAASUVORK5CYII="><div class="container" style=""><div class="ht"><span style="width:6px;height:15px;background:#f71b3a;position:absolute;display:block;left:0;top:0"></span>LOCK <span style="color:#c4c4c4">FILE</span></div><div class="hb"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4QAAAAwBAMAAAC706n2AAAAGFBMVEVHcEwiIiIiIiIiIiL3Gzr//f79tL76ZHmOe1JuAAAABHRSTlMA/axJAz2MyAAACKNJREFUeAHtmwli4joWRfPDBoDaAMMGnKol1LSBgtoAkA1k2H7LJxxeSW21TEjPfr/bsZ4Gh3t0Jduh7qaYYooppviPj2//hTFRmxBOCCeEE8IJ4YRwignhvzg+bzYrz7YmZ5tN92ejexv1J9QvUmwdgJ+b1D1VEIwkwpfT6e34RPHn6fRImehPyR53u93+0Q5EFKLpj9PpQP4yIAlbUfAydkud0lgcjZPxx8WfcoSbiwZ+prM0RohlhBozBfu8XiyW22IY6xU0HYiORAxngcYzG9nvzkiX+OTZ8oJsseAKxsxGD4tFR1OC3MO5G8XZgqC7CL/vdun4vNv9ovgjqZV+HHcE50nEcwkAz5cqCsZvivzk7NyacR2NgpexW/8bPHGUoO3Jc3HPAyEfwjPiTXxLyxDHQI3Ui9wcIVVD0VCtFPQvB+joYdxFxZwuNmJgfhLxy6xlSXMR5nhpHJfpRGj34gOetd5z5Icnoimpqa9VJcIjbYQ5EuEPET6J0Eoyz7YUoWDmgZDocmAVhHMRig01AqEm0EGQkm4bIZRE6PWXTRfqvpSf09KRay6kvwh14U4D6EKpVSSl6nsgtKEIqR/pwm9VF2pCbagEiJUjnLdduKZChPJAjXUwAM5KN0JKum2EkhAhPbqGC2UHSWqNqgsZq3ChC59lhSs45VW5C3+SFSFn71pIy4vbV4SoJ6WFsRy1kCKReqmGCAnZSTIQrpoIGQwgXp9Gq6YLWUG1/1+MQqnLXSj7GQ3LvXD3C2l14T52NI4AKqtiEghGSs6JCzVXQltS63npQtt6HRqRi3VHlWJRHJjd4rIbcpq78FyERbydyATVWbSg7El+GRotcxc+wLjhQi/s1KG7Uyh3ISmaly7EEAhJmSzUDkKjUV5VIvweCB3QcobF/Y/QhWYK3F78+PhNhHqmE6HCqmQdIS4x5x3fpgt9sYck4SEpW1j2JGMCdRFqPdlXXSguDg7soIMutEnGJQWCgVDBf0KAQhiWBsIx4VngZqDMhXWEdRd6bsSyowjgULUBF5qR/FKEF7gCsrlbE4cMYcOF5gIhwoOu4UIM6G3UwyDCdRWhLkTU3ZALc4RHq0qEVFlwwJYLPc/3wgZCJrEA2ghzFy66QLiqIcSAWPE6FwbCyM8lUnWh04urXu9CrcUS+FOEmmm0C025HjLgob0XXu9CealoiXDeQrga4ULwKegNLoSVHaoudLQNg7zbhfteq6Tj8Vz+XXPhc82FtJZNSgLtA/bC3WOG0M/oJ7vKhWxMDRcq0bZver0LA6G8tVzVhaZSdCNd+DC0F/Ynz66Ex/ZCmt/OyEWyjLRr74XtO1LfrolQMZzbTv9xe+Ey/a/uQrWlEsPe6sIHL1d3oeGzUNOFsxSLIRf2qibBL2Uq6y4sHyqsBxVJfFV34f7Uh/7LEFr5yKB9PD6J0Amp2P35LMXloWLpa8sUeQY1egClC50VXdet4zk8xQVZis+LARduiNpeqPPo2XCht8tNFxI2zbkk/zwmLLrQePp7hFGVI8SfHBzwV92F5zjU3874uoBwNY0pr2iDj/b6K8ugRi/esAsN+YSgxqpwofmu7kLSsGu68N4r1F1Ye8Gm696wWH4LCuVCGlUlwt/0NJkY1F0YCOvvSOnxkl0u5rBzO5uWbYS4dtCFDlMKGgi70oXmq3uhEBYjXOjiOM6F5Iq98PwoFy5U4poLDwVCXCeKlGTQW13oH5u8XvhARULgJkK6pP//QxcqbSALuFe5UFT2aLjQ+lEutHvhwu+IZlkRawhp5ghiOXgkye7admH9Hak9Xo6Xkh/RY/nHprYLk55f6i5URdrmZltCZawLA4YgGy4UYcOFbO0LRwouKp70PupC7ycyhFalw1OOUBR4kSSn735H+jP9F8FqKsJei3ADn0l1ejN0fVAqM94fbodcyDC6p0AYf831up44dMWFDzGBPsqFrswDLmTyP1lW8ByhtAOBCe25xy4k6XjDc6HhahoIsy0deZS1/VzIbK49F2qOEqG5q58LY6P+MBe6Mg/shfhLIHixjjBUNpHd55gE6m3vSA3rs7UROByVpP1cyBSuPBeaaiIc9VxI1lh+oAu92oALv/fKHS3XEB5LxraVYObVG96RVhHeZ3NbkJ9UsuXCpHLFhTD+OBfy0/hAF3ouwmx1/CUQBa+60HUve+NmPJEk1d4Lr3chDIilCJVnzEI6q7nQ+X+7C+++fLGF0Y12oVcQtL9TzLvIlS4cLOu4AqEMTJAxDjETbt8LXw4lwodsbsc3FkYivCsQ3m/VD/FWN7kw5oAlWVznQgfrOK7oIsKAXOyFGS+p2QR1dy6kuczQkoG3pM6Em9+Reu4dqY7zc4BQTQJYdS9EGRffpUn1s/87Xejj+T33rw7tFznWvpDr4rXftkAoYFqeB3tru3AXlGfLhSEi6u4fT/3DmU2DpAlwBSy9epUL9/vj6Xg6gCudpNIbupMXB6EbgdjUjiTSrNN/fo+TTComEcSS+rn4nh8kRCjWsS506NWdTPjSqMbxN3XY9cDXqD4NIbSln8mgkI2cr451F8Yud7BpWDNn6onJa/ZCgvbHbFM16BAT3pNzaT3u6082moOgfGhD/GtcaP/83aUIw9PrAuGsitCRbcloXkaEjHXNXhiSSigg2FZG2lGuV9yRBqldIEy1Bo01n/doIkT7DFgVIZ+fPtaon3zaLqwipJMI/U1JdCNdSGS1jl3c+XaBcNCFCq4NVbf2J1/LLoxukI29sOlCbeg4mcrM7bgVXDVduFZh+0hA/dhkbnLhKhDaUpjjXQhiX+lZWonQAce70PdbpKyStQld6Zm3qVfshaLKXOhbbi9WrHULELqqjlxIg9PapuqHs29x4fYuEN4Ssy8pslJ3479s+vn6+qrm//J49eIg/NBQqI+OrqvXTf84bYoJ4YRwQjghnBBOCKeYYooppphiiv+O+Bvo15hrmh7VCwAAAABJRU5ErkJggg=="></div><div class="hi"><div class="hit">Any attempts to restore your files with the thrid-party software will be <span style="color:#f71b3a;font-size:.9rem">fatal for your files!</span></div><div class="hib">Restore you data posible only buying private key from us.</div></div><div class="main-p">There is only one way to get your files back:</div><div style="position:relative;margin-top:15px"><div class="mn" style=""><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAEVBAMAAABH7TtxAAAALVBMVEVHcEz/NXAiIiL9DTYiIiKSIDUiIiL9EzwiIiIiIiL/N3L9ACP8AST+KF3+G0rPEf4SAAAADHRSTlMA/v7+PxmqQoLamc5bm0ExAAAB20lEQVR4Ae3ZtZYUURDG8W9npgV39289xd01w909w2Ncwjl95gHgPYhwWc1xYngFpLjdhd1G16vG539+reHF5+k/fj28c2vYKG/rP2zYsPV+OMxHBSrdvBIAtl9RqDQkKwAONihUeokJlyJkg0KlrAl5IU4kKhwm51ri1BLLBSYSsWFYOicllj/1wmG3z6qfxAAuRtlmkUU92lMu3kS2T42RQjnamPslhtwv1EE9T42RQrlCDdAoVKDM2ivrAaxchdLKpRAq0DOnBHqmaph8WLTY3pPkoOd5cVLeZnNle4dIPVqLFi1a7DtxcK580SFy0LsO2efg93nxRSdKixYtWrToiYs7RBY7RhZn5MW3eXHxX8sZ3U1atGjRYs+Nd7uZHNiUFxd2vizmbtaiRYsWOz7ubjrpbcHtpjneuKup6e5JP2xqeuiHSnHj+FJg7dErUNiU7nUH2YCQ5P4MKj3YeIlLl/MoaxSmew1YG3P/pTq3GDmgqcnR9ekqZjlYhUTi7qZ0dP0T2MpaJ92s1xgk/LLWuFD3mcV1rEBmk24VCDhVet16BCvXO+ogkDRs5YUdrLt2OOR+Rx0ElpNcf4lknUShKUScsIJEo1AHgWAVdIR6b4rQk/4YnMNP5yP+Vz9OakSaLAAAAABJRU5ErkJggg=="></div><div style="margin-left:6%;position:relative"><div class="ml1"><div style="position:relative;top:50%;transform:translateY(-50%)"><div style="font-weight:bold;font-size:1rem;line-height:1.2;color:#333160">contact us</div><div class="mlb" style=""><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAD//////////9XV1f9YVlj/KScp/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JiQm/1FQUf/S0tL/////////////////+Pj4/2ppav8hHyH/JSMl/yUjJf8lIyX/JSMl/yQiJP8iICL/IiAi/yIgIv8iICL/IiAi/yIgIv8kIiT/JSMl/yUjJf8lIyX/JSMl/yEfIf9qaGr/+Pj4////////////5eTl/z49Pv8jISP/JSMl/yUjJf8lIyX/JCIk/zk3Of+CgYL/jYyN/42Mjf+NjI3/joyO/318ff80MjT/JCIk/yUjJf8lIyX/JSMl/yMhI/8+PT7/5eTl////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3Nxc/////////////////////////////v7+/9jYmP/IiAi/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3h3eP////////////////////////////v7+/9nZWf/IR8h/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IiAi/11cXf/39/f//////////////////////+np6f9JR0n/IyEj/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JCIk/y0sLf+srKz/////////////////8fHx/4KBgv8mJCb/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQiJP8zMTP/o6Kj//39/f/z8/P/eHd4/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQhJP89PD3/x8fH///////+/v7/xsXG/z89P/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+DgYP//////////////////////4OCg/8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+OjY7//////////////////////4yLjP8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yMhI/9QT1D/5OPk////////////4+Pj/09OT/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4uHi/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/VlRW/6CfoP+enZ7/VlRW/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yMhI/88Ojz/4uLi////////////7+/v/05NTv8hHyH/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/IiAi/yclJ/88Ojz/JSMl/yQiJP8lIyX/JSMl/yUjJf8lIyX/JSMl/yEfIf9QT1D/8PDw/////////////////6yrrP82NTb/JCIk/yQiJP8lIyX/JSMl/yUjJf8kIiT/IiAi/yIgIv+FhIX/l5aX/zAuMP8kIiT/JSMl/yUjJf8kIiT/JCIk/zg2OP+vrq////////////////////////39/f/T0tP/rKys/6Khov9DQkP/IyEj/yQiJP8vLS//aWhp/5STlP+/vr///v7+/5aVlv8mJCb/IyEj/0NBQ/+ioaL/rKys/9TT1P/+/v7///////////////////////////////////////n5+f9YV1j/IR8h/y4sLv+mpqb/+/v7/////////////////+np6f9IRkj/IB4g/1hWWP/5+fn///////////////////////////////////////////////////////b29v9XVlf/Hx0f/19eX//4+Pj///////////////////////39/f9sa2z/Hhwe/1ZVVv/19fX///////////////////////////////////////////////////////f39/9aWVr/Hhwe/3V0df////////////////////////////////90c3T/Hhwe/1pZWv/39/f///////////////////////////////////////////////////////39/f9vbW//Hhwe/1VUVf/y8vL///////////////////////Ly8v9VVFX/Hhwe/29ub//9/f3///////////////////////////////////////////////////////////+kpKT/JCIk/yknKf+Yl5j/+vr6////////////+/v7/5qZmv8pJyn/JCIk/6SjpP/////////////////////////////////////////////////////////////////q6er/VFNU/yAeIP8sKiz/bWxt/6Wkpf+lpKX/bm1u/y0rLf8gHiD/VFJU/+np6f//////////////////////////////////////////////////////////////////////0NDQ/1BPUP8kIiT/IR8h/yQiJP8kIiT/IR8h/yQiJP9QT1D/0NDQ/////////////////////////////////////////////////////////////////////////////////+Dg4P+CgYL/Pjw+/yclJ/8nJSf/Pj0+/4KBgv/g3+D///////////////////////////////////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="> UTox &#160;&#160;&#160;&#160;&#160;&#160;</span><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAYAAAAjQAAANgAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADYAAAAjQAAABgAAAChAAAA/wAAAOMAAACIAAAAgQAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAgQAAAIgAAADjAAAA/wAAAKEAAAD1AAAA8QAAAPEAAABnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGcAAADxAAAA8QAAAPUAAAD/AAAAlQAAAKwAAADwAAAAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAPAAAACsAAAAlQAAAP8AAAD/AAAAfgAAABsAAADEAAAA5QAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAA5QAAAMQAAAAbAAAAfgAAAP8AAAD/AAAAgQAAAAAAAAAuAAAA1gAAANYAAAAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAADWAAAA1gAAAC4AAAAAAAAAgQAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAQAAAAOUAAADEAAAAHwAAAAAAAAAAAAAAAAAAACcAAAAnAAAAAAAAAAAAAAAAAAAAHwAAAMQAAADlAAAAPwAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAFQAAADwAAAAsAAAABIAAAAAAAAATAAAANwAAADcAAAATAAAAAAAAAASAAAAsAAAAPAAAABUAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAABqAAAA9gAAAJoAAABrAAAA7AAAANEAAADRAAAA7AAAAGsAAACaAAAA9gAAAGoAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAhgAAAP0AAAD8AAAAtAAAACIAAAAiAAAAtAAAAPwAAAD9AAAAhgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAngAAAPsAAACaAAAAFAAAAAAAAAAAAAAAFAAAAJoAAAD7AAAAngAAABQAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAACMAAAC0AAAA9QAAAH8AAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAB/AAAA9gAAALQAAAAjAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAANgAAAMsAAADtAAAAZQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAZQAAAO0AAADLAAAANgAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAABMAAAA3wAAAN8AAABMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwAAADfAAAA3wAAAEwAAAAAAAAAgAAAAP8AAAD/AAAAhgAAAGIAAADtAAAAywAAADYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAywAAAO0AAABiAAAAhgAAAP8AAAD2AAAA4AAAAPAAAACxAAAAHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAALEAAADwAAAA4AAAAPYAAAChAAAA/wAAAPQAAACYAAAAfwAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAfwAAAJgAAAD0AAAA/wAAAKEAAAAYAAAAjQAAANgAAADjAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOMAAADYAAAAjQAAABgAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAH4AAAAAAAAAAAAAAAAAAAAAAAAQAAgAAAAAAAAAAAAAAAAAABgAAAB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wA="> Email </span></div><div class="mll"><span class=sp1></span> qTox ID:&#160; B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB &#160;&#160;&#160;&#160;<a href="https://utox.org/" class=ah1 onclick="o(this)">https://tox.chat/download.html</a> </a></div><div class="mll"><span class=sp1></span> Email: &#160;&#160;&#160; [email protected] &#160;&#160;&#160;</div></div></div><div class="ml2"><div style="position:relative;top:50%;transform:translateY(-50%)"><div class="mlt" style="">Through a <img style="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAMAAADza
URLs

http-equiv="Content-Type"

http-equiv="x-ua-compatible"

Extracted

Path

C:\Users\Public\LOCKFILE-README.hta

Family

lockfile

Ransom Note
LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: [email protected] Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use
URLs

https://tox.chat/download.html

http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Targets

    • Target

      1f0a89360bb9471af8b2b1136eafd65f

    • Size

      250KB

    • MD5

      1f0a89360bb9471af8b2b1136eafd65f

    • SHA1

      a7bd3592ff31c5c659cda9810936ddce842d6590

    • SHA256

      2a23fac4cfa697cc738d633ec00f3fbe93ba22d2498f14dea08983026fdf128a

    • SHA512

      c696ee6a3a65cf01f120724c8536d14bbdc5283e6a62e1a26454629ea30c4015d62c1ba6139ca158f9952d6028ea7d9a1f76a4d2adad4e3a377d06607f5ad031

    • SSDEEP

      6144:bAr3VCaIjpP65V3Q400RwDym6flM5OPh2r:bAr3VCMP00RwDymd5Uh2r

    Score
    10/10
    lockfileransomwarespywarestealerupx

    • Detect LockFile payload

    • LockFile

      LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

      ransomwarelockfile

    • Renames multiple (1058) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

      upx

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks