Overview

overview

10

Static

static

8

52e1fed4c5...c1.exe

windows7-x64

10

52e1fed4c5...c1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    52e1fed4c521294c5de95bba958909c1

  • Size

    267KB

  • Sample

    240111-h37p9acch7

  • MD5

    52e1fed4c521294c5de95bba958909c1

  • SHA1

    1d01528de63c9581be0ea5ebc18dff7f6a2272d4

  • SHA256

    bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce

  • SHA512

    fe173025fd8e966965b2bff9389f25f215c05f54fc2283238e279ec0d14d46655c50f2cbf0d655c073de616f77151837efeffd93302230b34278a1b41f5365d6

  • SSDEEP

    6144:NARrIk3qCl6TvSWg6ZZaYQ4dlGvgjWrgFnp3z3gj77vi7Cr:NARswU124dl3JFnp3rg3DA

Score
10/10
lockfileransomwarespywarestealer

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\LOCKFILE-README-CALKHSYM-1704957412.hta

Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="x-ua-compatible" content="ie=9"><title>LOCKFILE</title><hta:application id=LOCKFILE applicationName=LOCKFILE icon=explorer.exe selection=yes scroll=no contextmenu=no innerBorder=no windowState=maximize minimizeButton=no singleInstance=yes sysMenu=no /><link rel="stylesheet" href="public/css/test.css"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>html{font-size:100%}body{position:relative;border:0;font-family:Arial;padding:1% 0 0 0;margin:0;width:100vw;height:100vh;overflow:hidden}*{font-size:1rem}.g1{content:"";position:absolute;left:0;top:50%;transform:translateY(-50%);height:368px;width:150px;z-index:-1}.g2{z-index:-1;content:"";position:absolute;right:0;top:50%;transform:translateY(-50%);height:368px;width:150px}.container{width:90%;margin:auto}.container img{max-width:100%}.ht{margin-bottom:1%;position:relative;padding-left:16px;font-weight:900;font-size:1rem;line-height:100%;letter-spacing:.05em;text-transform:uppercase;color:#dedede}.hb{margin-bottom:1%}.hb img{width:850px;max-width:100%}.hi{margin-bottom:1rem;background:#fcfcfd;border:1px dashed #f71b3a;box-sizing:border-box;border-radius:4px;padding:1rem 3rem;width:100%}.hit{margin-bottom:1%;font-weight:bold;font-size:.9rem;line-height:100%;color:#222}.hib{font-weight:bold;font-size:.9rem;line-height:100%;color:#f71b3a}.main-p{font-weight:bold;font-size:1rem;line-height:125%;color:#333160}.mn{position:absolute;width:5%;height:276px;top:3rem}.mn img{max-width:90%}.ml1{position:absolute;width:50%;height:10rem;left:0;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.ml2{position:absolute;width:50%;height:13rem;left:0;top:11rem;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.mr3{position:absolute;padding:2% 2%;width:48%;height:24rem;left:52%;top:0;background:#ffdfdf;border:1px solid #ffa5aa;box-sizing:border-box;border-radius:4px;font-size:15px;line-height:130%}.mlb{font-size:.8rem;line-height:1.2;color:#8988a4;margin-top:2%;margin-bottom:2%}.mlb img{max-width:14px}.sp1{left:0;top:50%;position:absolute;display:block;width:6px;height:6px;background:#f71b3a;transform:translateY(-50%) rotate(135deg)}.mll{font-size:.9rem;line-height:1.2;color:#333160;margin-bottom:2%;position:relative;padding-left:20px}.mll a{font-size:.8rem}.mlt{margin-bottom:15px;font-weight:bold;font-size:.9rem;line-height:1.2;color:#333160}.mlt img{max-width:14px;position:relative}.mrli{font-size:.9rem;line-height:1.2;margin-bottom:2%;position:relative;padding-left:25px}.mrli a{font-size:.9rem}</style><script type="text/javascript">function o(c){var d=new ActiveXObject("WScript.Shell");d.run(c.href)};</script></head><body bgcolor=#F8F8F8 text="buttontext"><img class="g1" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXw8PDv7+81SmF7AAAAAXRSTlMBN+Ho8AAAAWpJREFUeAHt1slxBCEMhWFRs3AkhA7BIRAahEYIDoEQOM5CIfvOX2V5nwWOX+8t6RWirzIt1QamGayDaQY7gSlZBTuBKVkBO4ENMM1gFayBdTAly2AV7ATWwQaYZrACVsFOYB1sgClZBitgDewE1sGG0ZSsGK2CNbATWP/YDC/t6K9uYDsqe4Kyb/Pflx0Y9mUEC9CrHnrVgeHgRLANhimA+fkniAPDaU9gERJgI4PoCWAe0mMH5sAgytgSWIQMJdvIIC6D0TwZFGRnNEcGhSOT71iai/4ti39mJyim9bxly27TdFpkFayBnYzWly1btuxH7AVMElgAc2CSwCJYAPNgDkzIElgE24wWwLzRdkZzRpPvWFom+rPmjLYzmjda+EY/R7AEZpxBDxZuyPyN2+7Gzd2hya1buiFTmzmwHZgHiw+8l1q27PTD1r5h1WjFaBlMZhtG62AnsAZWwDKYzNbBGliZbchs9Z3eAJcyeuremDsyAAAAAElFTkSuQmCC"><img class="g2" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXv7+/w8PB6KHGJAAAAAnRSTlP/AZKwANwAAAGJSURBVHgB7dSHbQMhFMbxh1xQZwQWyA6MdozGCBmBEVB3QRApF3wk77P80l34q/+uH4Xqx56JWSRmO+LmuSXi5rll4haBEbcMLAEL3Apx2wFLwAIw4paB7YBFYAEYcSvAdsASsAjMAyNuBVgGtgMWheaBEbcitJ3QErAILADzwEhmBVheQGfig9ssncgCqyeLjfRioZkFVhfzb7QCZjrrbtesNJu4qbpYbo8AZjrbtUcAc52l9lhuqnYWZ1sB072F2Qww25ufzV2y9nrAKjfVW5ltJTTdW57NCM32tjtv7pKl2SahVZmpdxY/ZasvWXg1/cNmftX82fMsOg+YvVobNmxHvAgsAPPQ/rPRaDR64qQzN8dNVW4amAXmgE3cVOW2AqaBGaFZYA7YJLQqMyW01TdMQxu2+oYpoZHUJqE5YFZoBpgGtgJGyCZg7opsunKr123qBm115aavyFZCU9/ZDwywW2k08j9s4RsWhZaEtgOWgRWhVWQeWACWgO2AZWAVWQCWgBVg7MQX+2SwUiS8JcwAAAAASUVORK5CYII="><div class="container" style=""><div class="ht"><span style="width:6px;height:15px;background:#f71b3a;position:absolute;display:block;left:0;top:0"></span>LOCK <span style="color:#c4c4c4">FILE</span></div><div class="hb"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4QAAAAwBAMAAAC706n2AAAAGFBMVEVHcEwiIiIiIiIiIiL3Gzr//f79tL76ZHmOe1JuAAAABHRSTlMA/axJAz2MyAAACKNJREFUeAHtmwli4joWRfPDBoDaAMMGnKol1LSBgtoAkA1k2H7LJxxeSW21TEjPfr/bsZ4Gh3t0Jduh7qaYYooppviPj2//hTFRmxBOCCeEE8IJ4YRwignhvzg+bzYrz7YmZ5tN92ejexv1J9QvUmwdgJ+b1D1VEIwkwpfT6e34RPHn6fRImehPyR53u93+0Q5EFKLpj9PpQP4yIAlbUfAydkud0lgcjZPxx8WfcoSbiwZ+prM0RohlhBozBfu8XiyW22IY6xU0HYiORAxngcYzG9nvzkiX+OTZ8oJsseAKxsxGD4tFR1OC3MO5G8XZgqC7CL/vdun4vNv9ovgjqZV+HHcE50nEcwkAz5cqCsZvivzk7NyacR2NgpexW/8bPHGUoO3Jc3HPAyEfwjPiTXxLyxDHQI3Ui9wcIVVD0VCtFPQvB+joYdxFxZwuNmJgfhLxy6xlSXMR5nhpHJfpRGj34gOetd5z5Icnoimpqa9VJcIjbYQ5EuEPET6J0Eoyz7YUoWDmgZDocmAVhHMRig01AqEm0EGQkm4bIZRE6PWXTRfqvpSf09KRay6kvwh14U4D6EKpVSSl6nsgtKEIqR/pwm9VF2pCbagEiJUjnLdduKZChPJAjXUwAM5KN0JKum2EkhAhPbqGC2UHSWqNqgsZq3ChC59lhSs45VW5C3+SFSFn71pIy4vbV4SoJ6WFsRy1kCKReqmGCAnZSTIQrpoIGQwgXp9Gq6YLWUG1/1+MQqnLXSj7GQ3LvXD3C2l14T52NI4AKqtiEghGSs6JCzVXQltS63npQtt6HRqRi3VHlWJRHJjd4rIbcpq78FyERbydyATVWbSg7El+GRotcxc+wLjhQi/s1KG7Uyh3ISmaly7EEAhJmSzUDkKjUV5VIvweCB3QcobF/Y/QhWYK3F78+PhNhHqmE6HCqmQdIS4x5x3fpgt9sYck4SEpW1j2JGMCdRFqPdlXXSguDg7soIMutEnGJQWCgVDBf0KAQhiWBsIx4VngZqDMhXWEdRd6bsSyowjgULUBF5qR/FKEF7gCsrlbE4cMYcOF5gIhwoOu4UIM6G3UwyDCdRWhLkTU3ZALc4RHq0qEVFlwwJYLPc/3wgZCJrEA2ghzFy66QLiqIcSAWPE6FwbCyM8lUnWh04urXu9CrcUS+FOEmmm0C025HjLgob0XXu9CealoiXDeQrga4ULwKegNLoSVHaoudLQNg7zbhfteq6Tj8Vz+XXPhc82FtJZNSgLtA/bC3WOG0M/oJ7vKhWxMDRcq0bZver0LA6G8tVzVhaZSdCNd+DC0F/Ynz66Ex/ZCmt/OyEWyjLRr74XtO1LfrolQMZzbTv9xe+Ey/a/uQrWlEsPe6sIHL1d3oeGzUNOFsxSLIRf2qibBL2Uq6y4sHyqsBxVJfFV34f7Uh/7LEFr5yKB9PD6J0Amp2P35LMXloWLpa8sUeQY1egClC50VXdet4zk8xQVZis+LARduiNpeqPPo2XCht8tNFxI2zbkk/zwmLLrQePp7hFGVI8SfHBzwV92F5zjU3874uoBwNY0pr2iDj/b6K8ugRi/esAsN+YSgxqpwofmu7kLSsGu68N4r1F1Ye8Gm696wWH4LCuVCGlUlwt/0NJkY1F0YCOvvSOnxkl0u5rBzO5uWbYS4dtCFDlMKGgi70oXmq3uhEBYjXOjiOM6F5Iq98PwoFy5U4poLDwVCXCeKlGTQW13oH5u8XvhARULgJkK6pP//QxcqbSALuFe5UFT2aLjQ+lEutHvhwu+IZlkRawhp5ghiOXgkye7admH9Hak9Xo6Xkh/RY/nHprYLk55f6i5URdrmZltCZawLA4YgGy4UYcOFbO0LRwouKp70PupC7ycyhFalw1OOUBR4kSSn735H+jP9F8FqKsJei3ADn0l1ejN0fVAqM94fbodcyDC6p0AYf831up44dMWFDzGBPsqFrswDLmTyP1lW8ByhtAOBCe25xy4k6XjDc6HhahoIsy0deZS1/VzIbK49F2qOEqG5q58LY6P+MBe6Mg/shfhLIHixjjBUNpHd55gE6m3vSA3rs7UROByVpP1cyBSuPBeaaiIc9VxI1lh+oAu92oALv/fKHS3XEB5LxraVYObVG96RVhHeZ3NbkJ9UsuXCpHLFhTD+OBfy0/hAF3ouwmx1/CUQBa+60HUve+NmPJEk1d4Lr3chDIilCJVnzEI6q7nQ+X+7C+++fLGF0Y12oVcQtL9TzLvIlS4cLOu4AqEMTJAxDjETbt8LXw4lwodsbsc3FkYivCsQ3m/VD/FWN7kw5oAlWVznQgfrOK7oIsKAXOyFGS+p2QR1dy6kuczQkoG3pM6Em9+Reu4dqY7zc4BQTQJYdS9EGRffpUn1s/87Xejj+T33rw7tFznWvpDr4rXftkAoYFqeB3tru3AXlGfLhSEi6u4fT/3DmU2DpAlwBSy9epUL9/vj6Xg6gCudpNIbupMXB6EbgdjUjiTSrNN/fo+TTComEcSS+rn4nh8kRCjWsS506NWdTPjSqMbxN3XY9cDXqD4NIbSln8mgkI2cr451F8Yud7BpWDNn6onJa/ZCgvbHbFM16BAT3pNzaT3u6082moOgfGhD/GtcaP/83aUIw9PrAuGsitCRbcloXkaEjHXNXhiSSigg2FZG2lGuV9yRBqldIEy1Bo01n/doIkT7DFgVIZ+fPtaon3zaLqwipJMI/U1JdCNdSGS1jl3c+XaBcNCFCq4NVbf2J1/LLoxukI29sOlCbeg4mcrM7bgVXDVduFZh+0hA/dhkbnLhKhDaUpjjXQhiX+lZWonQAce70PdbpKyStQld6Zm3qVfshaLKXOhbbi9WrHULELqqjlxIg9PapuqHs29x4fYuEN4Ssy8pslJ3479s+vn6+qrm//J49eIg/NBQqI+OrqvXTf84bYoJ4YRwQjghnBBOCKeYYooppphiiv+O+Bvo15hrmh7VCwAAAABJRU5ErkJggg=="></div><div class="hi"><div class="hit">Any attempts to restore your files with the thrid-party software will be <span style="color:#f71b3a;font-size:.9rem">fatal for your files!</span></div><div class="hib">Restore you data posible only buying private key from us.</div></div><div class="main-p">There is only one way to get your files back:</div><div style="position:relative;margin-top:15px"><div class="mn" style=""><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAEVBAMAAABH7TtxAAAALVBMVEVHcEz/NXAiIiL9DTYiIiKSIDUiIiL9EzwiIiIiIiL/N3L9ACP8AST+KF3+G0rPEf4SAAAADHRSTlMA/v7+PxmqQoLamc5bm0ExAAAB20lEQVR4Ae3ZtZYUURDG8W9npgV39289xd01w909w2Ncwjl95gHgPYhwWc1xYngFpLjdhd1G16vG539+reHF5+k/fj28c2vYKG/rP2zYsPV+OMxHBSrdvBIAtl9RqDQkKwAONihUeokJlyJkg0KlrAl5IU4kKhwm51ri1BLLBSYSsWFYOicllj/1wmG3z6qfxAAuRtlmkUU92lMu3kS2T42RQjnamPslhtwv1EE9T42RQrlCDdAoVKDM2ivrAaxchdLKpRAq0DOnBHqmaph8WLTY3pPkoOd5cVLeZnNle4dIPVqLFi1a7DtxcK580SFy0LsO2efg93nxRSdKixYtWrToiYs7RBY7RhZn5MW3eXHxX8sZ3U1atGjRYs+Nd7uZHNiUFxd2vizmbtaiRYsWOz7ubjrpbcHtpjneuKup6e5JP2xqeuiHSnHj+FJg7dErUNiU7nUH2YCQ5P4MKj3YeIlLl/MoaxSmew1YG3P/pTq3GDmgqcnR9ekqZjlYhUTi7qZ0dP0T2MpaJ92s1xgk/LLWuFD3mcV1rEBmk24VCDhVet16BCvXO+ogkDRs5YUdrLt2OOR+Rx0ElpNcf4lknUShKUScsIJEo1AHgWAVdIR6b4rQk/4YnMNP5yP+Vz9OakSaLAAAAABJRU5ErkJggg=="></div><div style="margin-left:6%;position:relative"><div class="ml1"><div style="position:relative;top:50%;transform:translateY(-50%)"><div style="font-weight:bold;font-size:1rem;line-height:1.2;color:#333160">contact us</div><div class="mlb" style=""><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAD//////////9XV1f9YVlj/KScp/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JiQm/1FQUf/S0tL/////////////////+Pj4/2ppav8hHyH/JSMl/yUjJf8lIyX/JSMl/yQiJP8iICL/IiAi/yIgIv8iICL/IiAi/yIgIv8kIiT/JSMl/yUjJf8lIyX/JSMl/yEfIf9qaGr/+Pj4////////////5eTl/z49Pv8jISP/JSMl/yUjJf8lIyX/JCIk/zk3Of+CgYL/jYyN/42Mjf+NjI3/joyO/318ff80MjT/JCIk/yUjJf8lIyX/JSMl/yMhI/8+PT7/5eTl////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3Nxc/////////////////////////////v7+/9jYmP/IiAi/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3h3eP////////////////////////////v7+/9nZWf/IR8h/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IiAi/11cXf/39/f//////////////////////+np6f9JR0n/IyEj/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JCIk/y0sLf+srKz/////////////////8fHx/4KBgv8mJCb/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQiJP8zMTP/o6Kj//39/f/z8/P/eHd4/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQhJP89PD3/x8fH///////+/v7/xsXG/z89P/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+DgYP//////////////////////4OCg/8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+OjY7//////////////////////4yLjP8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yMhI/9QT1D/5OPk////////////4+Pj/09OT/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4uHi/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/VlRW/6CfoP+enZ7/VlRW/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yMhI/88Ojz/4uLi////////////7+/v/05NTv8hHyH/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/IiAi/yclJ/88Ojz/JSMl/yQiJP8lIyX/JSMl/yUjJf8lIyX/JSMl/yEfIf9QT1D/8PDw/////////////////6yrrP82NTb/JCIk/yQiJP8lIyX/JSMl/yUjJf8kIiT/IiAi/yIgIv+FhIX/l5aX/zAuMP8kIiT/JSMl/yUjJf8kIiT/JCIk/zg2OP+vrq////////////////////////39/f/T0tP/rKys/6Khov9DQkP/IyEj/yQiJP8vLS//aWhp/5STlP+/vr///v7+/5aVlv8mJCb/IyEj/0NBQ/+ioaL/rKys/9TT1P/+/v7///////////////////////////////////////n5+f9YV1j/IR8h/y4sLv+mpqb/+/v7/////////////////+np6f9IRkj/IB4g/1hWWP/5+fn///////////////////////////////////////////////////////b29v9XVlf/Hx0f/19eX//4+Pj///////////////////////39/f9sa2z/Hhwe/1ZVVv/19fX///////////////////////////////////////////////////////f39/9aWVr/Hhwe/3V0df////////////////////////////////90c3T/Hhwe/1pZWv/39/f///////////////////////////////////////////////////////39/f9vbW//Hhwe/1VUVf/y8vL///////////////////////Ly8v9VVFX/Hhwe/29ub//9/f3///////////////////////////////////////////////////////////+kpKT/JCIk/yknKf+Yl5j/+vr6////////////+/v7/5qZmv8pJyn/JCIk/6SjpP/////////////////////////////////////////////////////////////////q6er/VFNU/yAeIP8sKiz/bWxt/6Wkpf+lpKX/bm1u/y0rLf8gHiD/VFJU/+np6f//////////////////////////////////////////////////////////////////////0NDQ/1BPUP8kIiT/IR8h/yQiJP8kIiT/IR8h/yQiJP9QT1D/0NDQ/////////////////////////////////////////////////////////////////////////////////+Dg4P+CgYL/Pjw+/yclJ/8nJSf/Pj0+/4KBgv/g3+D///////////////////////////////////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="> UTox &#160;&#160;&#160;&#160;&#160;&#160;</span><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAYAAAAjQAAANgAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADYAAAAjQAAABgAAAChAAAA/wAAAOMAAACIAAAAgQAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAgQAAAIgAAADjAAAA/wAAAKEAAAD1AAAA8QAAAPEAAABnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGcAAADxAAAA8QAAAPUAAAD/AAAAlQAAAKwAAADwAAAAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAPAAAACsAAAAlQAAAP8AAAD/AAAAfgAAABsAAADEAAAA5QAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAA5QAAAMQAAAAbAAAAfgAAAP8AAAD/AAAAgQAAAAAAAAAuAAAA1gAAANYAAAAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAADWAAAA1gAAAC4AAAAAAAAAgQAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAQAAAAOUAAADEAAAAHwAAAAAAAAAAAAAAAAAAACcAAAAnAAAAAAAAAAAAAAAAAAAAHwAAAMQAAADlAAAAPwAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAFQAAADwAAAAsAAAABIAAAAAAAAATAAAANwAAADcAAAATAAAAAAAAAASAAAAsAAAAPAAAABUAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAABqAAAA9gAAAJoAAABrAAAA7AAAANEAAADRAAAA7AAAAGsAAACaAAAA9gAAAGoAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAhgAAAP0AAAD8AAAAtAAAACIAAAAiAAAAtAAAAPwAAAD9AAAAhgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAngAAAPsAAACaAAAAFAAAAAAAAAAAAAAAFAAAAJoAAAD7AAAAngAAABQAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAACMAAAC0AAAA9QAAAH8AAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAB/AAAA9gAAALQAAAAjAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAANgAAAMsAAADtAAAAZQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAZQAAAO0AAADLAAAANgAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAABMAAAA3wAAAN8AAABMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwAAADfAAAA3wAAAEwAAAAAAAAAgAAAAP8AAAD/AAAAhgAAAGIAAADtAAAAywAAADYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAywAAAO0AAABiAAAAhgAAAP8AAAD2AAAA4AAAAPAAAACxAAAAHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAALEAAADwAAAA4AAAAPYAAAChAAAA/wAAAPQAAACYAAAAfwAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAfwAAAJgAAAD0AAAA/wAAAKEAAAAYAAAAjQAAANgAAADjAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOMAAADYAAAAjQAAABgAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAH4AAAAAAAAAAAAAAAAAAAAAAAAQAAgAAAAAAAAAAAAAAAAAABgAAAB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wA="> Email </span></div><div class="mll"><span class=sp1></span> qTox ID:&#160; B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB &#160;&#160;&#160;&#160;<a href="https://utox.org/" class=ah1 onclick="o(this)">https://tox.chat/download.html</a> </a></div><div class="mll"><span class=sp1></span> Email: &#160;&#160;&#160; [email protected] &#160;&#160;&#160;</div></div></div><div class="ml2"><div style="position:relative;top:50%;transform:translateY(-50%)"><div class="mlt" style="">Through a <img style="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAMAAADza
URLs

http-equiv="Content-Type"

http-equiv="x-ua-compatible"

Extracted

Path

C:\Users\Public\LOCKFILE-README.hta

Family

lockfile

Ransom Note
LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: [email protected] Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use
URLs

https://tox.chat/download.html

http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Targets

    • Target

      52e1fed4c521294c5de95bba958909c1

    • Size

      267KB

    • MD5

      52e1fed4c521294c5de95bba958909c1

    • SHA1

      1d01528de63c9581be0ea5ebc18dff7f6a2272d4

    • SHA256

      bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce

    • SHA512

      fe173025fd8e966965b2bff9389f25f215c05f54fc2283238e279ec0d14d46655c50f2cbf0d655c073de616f77151837efeffd93302230b34278a1b41f5365d6

    • SSDEEP

      6144:NARrIk3qCl6TvSWg6ZZaYQ4dlGvgjWrgFnp3z3gj77vi7Cr:NARswU124dl3JFnp3rg3DA

    Score
    10/10
    lockfileransomwarespywarestealer

    • Detect LockFile payload

    • LockFile

      LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.

      ransomwarelockfile

    • Renames multiple (1096) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Drops file in Drivers directory

    • Deletes itself

    • Drops startup file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks