General

  • Target

    2024010680d761f058f9c348b62c0bed3d0d7144lock.exe

  • Size

    255KB

  • Sample

    240107-x12tjsdbh2

  • MD5

    80d761f058f9c348b62c0bed3d0d7144

  • SHA1

    97d064c0cc08cead365e3f31c13ea3c5f2870911

  • SHA256

    a94ff774cc6a77bd38b391e73eddbd31576f2f2cebcd46fa01d8a75b596142cb

  • SHA512

    270de0950ae9f231cda5b61f46215a9e4b78eaf0bef8d49d3bcdd5ccd1599abff835f5db00162da87897121c4d5e6773d6bf23003b89f8ef58ddd038718b1703

  • SSDEEP

    6144:9mZ1LV5gs78D7o1dQPUJM5SJGg+5eYtk/:kZ1L8x6QPUJ4SJGg+59tk/

Targets

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (75) files with added filename extension

      This suggests ransomware activity: encrypting the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Adds Run key to start application

    • Drops file in System32 directory
