General

  • Target

    20240106feaaa613a8fa6137a8fcd2af8bb31da8lock.exe

  • Size

    138KB

  • Sample

    240107-x1nxpacccm

  • MD5

    feaaa613a8fa6137a8fcd2af8bb31da8

  • SHA1

    eea5de3f9019e9aad0345af5aac35414bf33b2f0

  • SHA256

    5798ad5c1c18beac46d50e7886d71c7d0c213d63d10b86fac76b235e08cc3524

  • SHA512

    8d2249a3ef5fe25e26c9a39bca8ea03510d3c3c5265386d0be700a762663ddfb5e5b00f09098eacc581270d31109b3c9036745318a9e1a4e570f0fd85d846689

  • SSDEEP

    3072:APg5J0+a1HdGyXhj3IjFHds2DbkbJlHz/ElwN3iXxn4yUFkQGEHgX:APgQ+a1HdGyV3IjFHG20VlHolwEBaFk3

Malware Config

Targets

    • Target

      20240106feaaa613a8fa6137a8fcd2af8bb31da8lock.exe

    • Modifies visibility of file extensions in Explorer

    • UAC bypass

    • Renames multiple (76) files with added filename extension

      This suggests ransomware activity: the sample is encrypting files across the system and appending an extension to each.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofencing check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks