lockfile | bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
11-01-2024 07:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

52e1fed4c521294c5de95bba958909c1.exe
Size

267KB
MD5

52e1fed4c521294c5de95bba958909c1
SHA1

1d01528de63c9581be0ea5ebc18dff7f6a2272d4
SHA256

bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce
SHA512

fe173025fd8e966965b2bff9389f25f215c05f54fc2283238e279ec0d14d46655c50f2cbf0d655c073de616f77151837efeffd93302230b34278a1b41f5365d6
SSDEEP

6144:NARrIk3qCl6TvSWg6ZZaYQ4dlGvgjWrgFnp3z3gj77vi7Cr:NARswU124dl3JFnp3rg3DA

Score

10^/10

lockfile ransomware spyware stealer

Malware Config

Extracted

Path

F:\$RECYCLE.BIN\LOCKFILE-README-CALKHSYM-1704957412.hta

Ransom Note

<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"><meta http-equiv="x-ua-compatible" content="ie=9"><title>LOCKFILE</title><hta:application id=LOCKFILE applicationName=LOCKFILE icon=explorer.exe selection=yes scroll=no contextmenu=no innerBorder=no windowState=maximize minimizeButton=no singleInstance=yes sysMenu=no /><link rel="stylesheet" href="public/css/test.css"><meta name="viewport" content="width=device-width, initial-scale=1.0"><style>html{font-size:100%}body{position:relative;border:0;font-family:Arial;padding:1% 0 0 0;margin:0;width:100vw;height:100vh;overflow:hidden}*{font-size:1rem}.g1{content:"";position:absolute;left:0;top:50%;transform:translateY(-50%);height:368px;width:150px;z-index:-1}.g2{z-index:-1;content:"";position:absolute;right:0;top:50%;transform:translateY(-50%);height:368px;width:150px}.container{width:90%;margin:auto}.container img{max-width:100%}.ht{margin-bottom:1%;position:relative;padding-left:16px;font-weight:900;font-size:1rem;line-height:100%;letter-spacing:.05em;text-transform:uppercase;color:#dedede}.hb{margin-bottom:1%}.hb img{width:850px;max-width:100%}.hi{margin-bottom:1rem;background:#fcfcfd;border:1px dashed #f71b3a;box-sizing:border-box;border-radius:4px;padding:1rem 3rem;width:100%}.hit{margin-bottom:1%;font-weight:bold;font-size:.9rem;line-height:100%;color:#222}.hib{font-weight:bold;font-size:.9rem;line-height:100%;color:#f71b3a}.main-p{font-weight:bold;font-size:1rem;line-height:125%;color:#333160}.mn{position:absolute;width:5%;height:276px;top:3rem}.mn img{max-width:90%}.ml1{position:absolute;width:50%;height:10rem;left:0;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.ml2{position:absolute;width:50%;height:13rem;left:0;top:11rem;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2% 2%}.mr3{position:absolute;padding:2% 2%;width:48%;height:24rem;left:52%;top:0;background:#ffdfdf;border:1px solid #ffa5aa;box-sizing:border-box;border-radius:4px;font-size:15px;line-height:130%}.mlb{font-size:.8rem;line-height:1.2;color:#8988a4;margin-top:2%;margin-bottom:2%}.mlb img{max-width:14px}.sp1{left:0;top:50%;position:absolute;display:block;width:6px;height:6px;background:#f71b3a;transform:translateY(-50%) rotate(135deg)}.mll{font-size:.9rem;line-height:1.2;color:#333160;margin-bottom:2%;position:relative;padding-left:20px}.mll a{font-size:.8rem}.mlt{margin-bottom:15px;font-weight:bold;font-size:.9rem;line-height:1.2;color:#333160}.mlt img{max-width:14px;position:relative}.mrli{font-size:.9rem;line-height:1.2;margin-bottom:2%;position:relative;padding-left:25px}.mrli a{font-size:.9rem}</style><script type="text/javascript">function o(c){var d=new ActiveXObject("WScript.Shell");d.run(c.href)};</script></head><body bgcolor=#F8F8F8 text="buttontext"><img class="g1" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXw8PDv7+81SmF7AAAAAXRSTlMBN+Ho8AAAAWpJREFUeAHt1slxBCEMhWFRs3AkhA7BIRAahEYIDoEQOM5CIfvOX2V5nwWOX+8t6RWirzIt1QamGayDaQY7gSlZBTuBKVkBO4ENMM1gFayBdTAly2AV7ATWwQaYZrACVsFOYB1sgClZBitgDewE1sGG0ZSsGK2CNbATWP/YDC/t6K9uYDsqe4Kyb/Pflx0Y9mUEC9CrHnrVgeHgRLANhimA+fkniAPDaU9gERJgI4PoCWAe0mMH5sAgytgSWIQMJdvIIC6D0TwZFGRnNEcGhSOT71iai/4ti39mJyim9bxly27TdFpkFayBnYzWly1btuxH7AVMElgAc2CSwCJYAPNgDkzIElgE24wWwLzRdkZzRpPvWFom+rPmjLYzmjda+EY/R7AEZpxBDxZuyPyN2+7Gzd2hya1buiFTmzmwHZgHiw+8l1q27PTD1r5h1WjFaBlMZhtG62AnsAZWwDKYzNbBGliZbchs9Z3eAJcyeuremDsyAAAAAElFTkSuQmCC"><img class="g2" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXv7+/w8PB6KHGJAAAAAnRSTlP/AZKwANwAAAGJSURBVHgB7dSHbQMhFMbxh1xQZwQWyA6MdozGCBmBEVB3QRApF3wk77P80l34q/+uH4Xqx56JWSRmO+LmuSXi5rll4haBEbcMLAEL3Apx2wFLwAIw4paB7YBFYAEYcSvAdsASsAjMAyNuBVgGtgMWheaBEbcitJ3QErAILADzwEhmBVheQGfig9ssncgCqyeLjfRioZkFVhfzb7QCZjrrbtesNJu4qbpYbo8AZjrbtUcAc52l9lhuqnYWZ1sB072F2Qww25ufzV2y9nrAKjfVW5ltJTTdW57NCM32tjtv7pKl2SahVZmpdxY/ZasvWXg1/cNmftX82fMsOg+YvVobNmxHvAgsAPPQ/rPRaDR64qQzN8dNVW4amAXmgE3cVOW2AqaBGaFZYA7YJLQqMyW01TdMQxu2+oYpoZHUJqE5YFZoBpgGtgJGyCZg7opsunKr123qBm115aavyFZCU9/ZDwywW2k08j9s4RsWhZaEtgOWgRWhVWQeWACWgO2AZWAVWQCWgBVg7MQX+2SwUiS8JcwAAAAASUVORK5CYII="><div class="container" style=""><div class="ht"><span style="width:6px;height:15px;background:#f71b3a;position:absolute;display:block;left:0;top:0"></span>LOCK <span style="color:#c4c4c4">FILE</span></div><div class="hb"><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAA4QAAAAwBAMAAAC706n2AAAAGFBMVEVHcEwiIiIiIiIiIiL3Gzr//f79tL76ZHmOe1JuAAAABHRSTlMA/axJAz2MyAAACKNJREFUeAHtmwli4joWRfPDBoDaAMMGnKol1LSBgtoAkA1k2H7LJxxeSW21TEjPfr/bsZ4Gh3t0Jduh7qaYYooppviPj2//hTFRmxBOCCeEE8IJ4YRwignhvzg+bzYrz7YmZ5tN92ejexv1J9QvUmwdgJ+b1D1VEIwkwpfT6e34RPHn6fRImehPyR53u93+0Q5EFKLpj9PpQP4yIAlbUfAydkud0lgcjZPxx8WfcoSbiwZ+prM0RohlhBozBfu8XiyW22IY6xU0HYiORAxngcYzG9nvzkiX+OTZ8oJsseAKxsxGD4tFR1OC3MO5G8XZgqC7CL/vdun4vNv9ovgjqZV+HHcE50nEcwkAz5cqCsZvivzk7NyacR2NgpexW/8bPHGUoO3Jc3HPAyEfwjPiTXxLyxDHQI3Ui9wcIVVD0VCtFPQvB+joYdxFxZwuNmJgfhLxy6xlSXMR5nhpHJfpRGj34gOetd5z5Icnoimpqa9VJcIjbYQ5EuEPET6J0Eoyz7YUoWDmgZDocmAVhHMRig01AqEm0EGQkm4bIZRE6PWXTRfqvpSf09KRay6kvwh14U4D6EKpVSSl6nsgtKEIqR/pwm9VF2pCbagEiJUjnLdduKZChPJAjXUwAM5KN0JKum2EkhAhPbqGC2UHSWqNqgsZq3ChC59lhSs45VW5C3+SFSFn71pIy4vbV4SoJ6WFsRy1kCKReqmGCAnZSTIQrpoIGQwgXp9Gq6YLWUG1/1+MQqnLXSj7GQ3LvXD3C2l14T52NI4AKqtiEghGSs6JCzVXQltS63npQtt6HRqRi3VHlWJRHJjd4rIbcpq78FyERbydyATVWbSg7El+GRotcxc+wLjhQi/s1KG7Uyh3ISmaly7EEAhJmSzUDkKjUV5VIvweCB3QcobF/Y/QhWYK3F78+PhNhHqmE6HCqmQdIS4x5x3fpgt9sYck4SEpW1j2JGMCdRFqPdlXXSguDg7soIMutEnGJQWCgVDBf0KAQhiWBsIx4VngZqDMhXWEdRd6bsSyowjgULUBF5qR/FKEF7gCsrlbE4cMYcOF5gIhwoOu4UIM6G3UwyDCdRWhLkTU3ZALc4RHq0qEVFlwwJYLPc/3wgZCJrEA2ghzFy66QLiqIcSAWPE6FwbCyM8lUnWh04urXu9CrcUS+FOEmmm0C025HjLgob0XXu9CealoiXDeQrga4ULwKegNLoSVHaoudLQNg7zbhfteq6Tj8Vz+XXPhc82FtJZNSgLtA/bC3WOG0M/oJ7vKhWxMDRcq0bZver0LA6G8tVzVhaZSdCNd+DC0F/Ynz66Ex/ZCmt/OyEWyjLRr74XtO1LfrolQMZzbTv9xe+Ey/a/uQrWlEsPe6sIHL1d3oeGzUNOFsxSLIRf2qibBL2Uq6y4sHyqsBxVJfFV34f7Uh/7LEFr5yKB9PD6J0Amp2P35LMXloWLpa8sUeQY1egClC50VXdet4zk8xQVZis+LARduiNpeqPPo2XCht8tNFxI2zbkk/zwmLLrQePp7hFGVI8SfHBzwV92F5zjU3874uoBwNY0pr2iDj/b6K8ugRi/esAsN+YSgxqpwofmu7kLSsGu68N4r1F1Ye8Gm696wWH4LCuVCGlUlwt/0NJkY1F0YCOvvSOnxkl0u5rBzO5uWbYS4dtCFDlMKGgi70oXmq3uhEBYjXOjiOM6F5Iq98PwoFy5U4poLDwVCXCeKlGTQW13oH5u8XvhARULgJkK6pP//QxcqbSALuFe5UFT2aLjQ+lEutHvhwu+IZlkRawhp5ghiOXgkye7admH9Hak9Xo6Xkh/RY/nHprYLk55f6i5URdrmZltCZawLA4YgGy4UYcOFbO0LRwouKp70PupC7ycyhFalw1OOUBR4kSSn735H+jP9F8FqKsJei3ADn0l1ejN0fVAqM94fbodcyDC6p0AYf831up44dMWFDzGBPsqFrswDLmTyP1lW8ByhtAOBCe25xy4k6XjDc6HhahoIsy0deZS1/VzIbK49F2qOEqG5q58LY6P+MBe6Mg/shfhLIHixjjBUNpHd55gE6m3vSA3rs7UROByVpP1cyBSuPBeaaiIc9VxI1lh+oAu92oALv/fKHS3XEB5LxraVYObVG96RVhHeZ3NbkJ9UsuXCpHLFhTD+OBfy0/hAF3ouwmx1/CUQBa+60HUve+NmPJEk1d4Lr3chDIilCJVnzEI6q7nQ+X+7C+++fLGF0Y12oVcQtL9TzLvIlS4cLOu4AqEMTJAxDjETbt8LXw4lwodsbsc3FkYivCsQ3m/VD/FWN7kw5oAlWVznQgfrOK7oIsKAXOyFGS+p2QR1dy6kuczQkoG3pM6Em9+Reu4dqY7zc4BQTQJYdS9EGRffpUn1s/87Xejj+T33rw7tFznWvpDr4rXftkAoYFqeB3tru3AXlGfLhSEi6u4fT/3DmU2DpAlwBSy9epUL9/vj6Xg6gCudpNIbupMXB6EbgdjUjiTSrNN/fo+TTComEcSS+rn4nh8kRCjWsS506NWdTPjSqMbxN3XY9cDXqD4NIbSln8mgkI2cr451F8Yud7BpWDNn6onJa/ZCgvbHbFM16BAT3pNzaT3u6082moOgfGhD/GtcaP/83aUIw9PrAuGsitCRbcloXkaEjHXNXhiSSigg2FZG2lGuV9yRBqldIEy1Bo01n/doIkT7DFgVIZ+fPtaon3zaLqwipJMI/U1JdCNdSGS1jl3c+XaBcNCFCq4NVbf2J1/LLoxukI29sOlCbeg4mcrM7bgVXDVduFZh+0hA/dhkbnLhKhDaUpjjXQhiX+lZWonQAce70PdbpKyStQld6Zm3qVfshaLKXOhbbi9WrHULELqqjlxIg9PapuqHs29x4fYuEN4Ssy8pslJ3479s+vn6+qrm//J49eIg/NBQqI+OrqvXTf84bYoJ4YRwQjghnBBOCKeYYooppphiiv+O+Bvo15hrmh7VCwAAAABJRU5ErkJggg=="></div><div class="hi"><div class="hit">Any attempts to restore your files with the thrid-party software will be <span style="color:#f71b3a;font-size:.9rem">fatal for your files!</span></div><div class="hib">Restore you data posible only buying private key from us.</div></div><div class="main-p">There is only one way to get your files back:</div><div style="position:relative;margin-top:15px"><div class="mn" style=""><img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADgAAAEVBAMAAABH7TtxAAAALVBMVEVHcEz/NXAiIiL9DTYiIiKSIDUiIiL9EzwiIiIiIiL/N3L9ACP8AST+KF3+G0rPEf4SAAAADHRSTlMA/v7+PxmqQoLamc5bm0ExAAAB20lEQVR4Ae3ZtZYUURDG8W9npgV39289xd01w909w2Ncwjl95gHgPYhwWc1xYngFpLjdhd1G16vG539+reHF5+k/fj28c2vYKG/rP2zYsPV+OMxHBSrdvBIAtl9RqDQkKwAONihUeokJlyJkg0KlrAl5IU4kKhwm51ri1BLLBSYSsWFYOicllj/1wmG3z6qfxAAuRtlmkUU92lMu3kS2T42RQjnamPslhtwv1EE9T42RQrlCDdAoVKDM2ivrAaxchdLKpRAq0DOnBHqmaph8WLTY3pPkoOd5cVLeZnNle4dIPVqLFi1a7DtxcK580SFy0LsO2efg93nxRSdKixYtWrToiYs7RBY7RhZn5MW3eXHxX8sZ3U1atGjRYs+Nd7uZHNiUFxd2vizmbtaiRYsWOz7ubjrpbcHtpjneuKup6e5JP2xqeuiHSnHj+FJg7dErUNiU7nUH2YCQ5P4MKj3YeIlLl/MoaxSmew1YG3P/pTq3GDmgqcnR9ekqZjlYhUTi7qZ0dP0T2MpaJ92s1xgk/LLWuFD3mcV1rEBmk24VCDhVet16BCvXO+ogkDRs5YUdrLt2OOR+Rx0ElpNcf4lknUShKUScsIJEo1AHgWAVdIR6b4rQk/4YnMNP5yP+Vz9OakSaLAAAAABJRU5ErkJggg=="></div><div style="margin-left:6%;position:relative"><div class="ml1"><div style="position:relative;top:50%;transform:translateY(-50%)"><div style="font-weight:bold;font-size:1rem;line-height:1.2;color:#333160">contact us</div><div class="mlb" style=""><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAD//////////9XV1f9YVlj/KScp/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/JiQm/1FQUf/S0tL/////////////////+Pj4/2ppav8hHyH/JSMl/yUjJf8lIyX/JSMl/yQiJP8iICL/IiAi/yIgIv8iICL/IiAi/yIgIv8kIiT/JSMl/yUjJf8lIyX/JSMl/yEfIf9qaGr/+Pj4////////////5eTl/z49Pv8jISP/JSMl/yUjJf8lIyX/JCIk/zk3Of+CgYL/jYyN/42Mjf+NjI3/joyO/318ff80MjT/JCIk/yUjJf8lIyX/JSMl/yMhI/8+PT7/5eTl////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3Nxc/////////////////////////////v7+/9jYmP/IiAi/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IR8h/3h3eP////////////////////////////v7+/9nZWf/IR8h/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/IiAi/11cXf/39/f//////////////////////+np6f9JR0n/IyEj/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JCIk/y0sLf+srKz/////////////////8fHx/4KBgv8mJCb/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQiJP8zMTP/o6Kj//39/f/z8/P/eHd4/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yQhJP89PD3/x8fH///////+/v7/xsXG/z89P/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+DgYP//////////////////////4OCg/8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yIgIv+OjY7//////////////////////4yLjP8iICL/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4eHh/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yMhI/9QT1D/5OPk////////////4+Pj/09OT/8jISP/JSMl/yUjJf8lIyX/JSMl/yQiJP88Ojz/4eHh////////////4uHi/zw6PP8kIiT/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/VlRW/6CfoP+enZ7/VlRW/yUjJf8lIyX/JSMl/yUjJf8lIyX/JSMl/yMhI/88Ojz/4uLi////////////7+/v/05NTv8hHyH/JSMl/yUjJf8lIyX/JSMl/yUjJf8lIyX/IiAi/yclJ/88Ojz/JSMl/yQiJP8lIyX/JSMl/yUjJf8lIyX/JSMl/yEfIf9QT1D/8PDw/////////////////6yrrP82NTb/JCIk/yQiJP8lIyX/JSMl/yUjJf8kIiT/IiAi/yIgIv+FhIX/l5aX/zAuMP8kIiT/JSMl/yUjJf8kIiT/JCIk/zg2OP+vrq////////////////////////39/f/T0tP/rKys/6Khov9DQkP/IyEj/yQiJP8vLS//aWhp/5STlP+/vr///v7+/5aVlv8mJCb/IyEj/0NBQ/+ioaL/rKys/9TT1P/+/v7///////////////////////////////////////n5+f9YV1j/IR8h/y4sLv+mpqb/+/v7/////////////////+np6f9IRkj/IB4g/1hWWP/5+fn///////////////////////////////////////////////////////b29v9XVlf/Hx0f/19eX//4+Pj///////////////////////39/f9sa2z/Hhwe/1ZVVv/19fX///////////////////////////////////////////////////////f39/9aWVr/Hhwe/3V0df////////////////////////////////90c3T/Hhwe/1pZWv/39/f///////////////////////////////////////////////////////39/f9vbW//Hhwe/1VUVf/y8vL///////////////////////Ly8v9VVFX/Hhwe/29ub//9/f3///////////////////////////////////////////////////////////+kpKT/JCIk/yknKf+Yl5j/+vr6////////////+/v7/5qZmv8pJyn/JCIk/6SjpP/////////////////////////////////////////////////////////////////q6er/VFNU/yAeIP8sKiz/bWxt/6Wkpf+lpKX/bm1u/y0rLf8gHiD/VFJU/+np6f//////////////////////////////////////////////////////////////////////0NDQ/1BPUP8kIiT/IR8h/yQiJP8kIiT/IR8h/yQiJP9QT1D/0NDQ/////////////////////////////////////////////////////////////////////////////////+Dg4P+CgYL/Pjw+/yclJ/8nJSf/Pj0+/4KBgv/g3+D///////////////////////////////////////////8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="> UTox       </span><span class=sp2><img class=im1 src="data:image/x-icon;base64,AAABAAEAGBgAAAEAIACICQAAFgAAACgAAAAYAAAAMAAAAAEAIAAAAAAAAAkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAYAAAAjQAAANgAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADYAAAAjQAAABgAAAChAAAA/wAAAOMAAACIAAAAgQAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAgQAAAIgAAADjAAAA/wAAAKEAAAD1AAAA8QAAAPEAAABnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGcAAADxAAAA8QAAAPUAAAD/AAAAlQAAAKwAAADwAAAAVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAVAAAAPAAAACsAAAAlQAAAP8AAAD/AAAAfgAAABsAAADEAAAA5QAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAAA5QAAAMQAAAAbAAAAfgAAAP8AAAD/AAAAgQAAAAAAAAAuAAAA1gAAANYAAAAuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4AAADWAAAA1gAAAC4AAAAAAAAAgQAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAQAAAAOUAAADEAAAAHwAAAAAAAAAAAAAAAAAAACcAAAAnAAAAAAAAAAAAAAAAAAAAHwAAAMQAAADlAAAAPwAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAFQAAADwAAAAsAAAABIAAAAAAAAATAAAANwAAADcAAAATAAAAAAAAAASAAAAsAAAAPAAAABUAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAABqAAAA9gAAAJoAAABrAAAA7AAAANEAAADRAAAA7AAAAGsAAACaAAAA9gAAAGoAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAACAAAAhgAAAP0AAAD8AAAAtAAAACIAAAAiAAAAtAAAAPwAAAD9AAAAhgAAAAIAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAUAAAAngAAAPsAAACaAAAAFAAAAAAAAAAAAAAAFAAAAJoAAAD7AAAAngAAABQAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAAAAAAACMAAAC0AAAA9QAAAH8AAAAKAAAAAAAAAAAAAAAAAAAAAAAAAAoAAAB/AAAA9gAAALQAAAAjAAAAAAAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAAAAAAAANgAAAMsAAADtAAAAZQAAAAMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAAAAZQAAAO0AAADLAAAANgAAAAAAAAAAAAAAgAAAAP8AAAD/AAAAgAAAAAAAAABMAAAA3wAAAN8AAABMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEwAAADfAAAA3wAAAEwAAAAAAAAAgAAAAP8AAAD/AAAAhgAAAGIAAADtAAAAywAAADYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2AAAAywAAAO0AAABiAAAAhgAAAP8AAAD2AAAA4AAAAPAAAACxAAAAHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwAAALEAAADwAAAA4AAAAPYAAAChAAAA/wAAAPQAAACYAAAAfwAAAIIAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACBAAAAgQAAAIEAAACCAAAAfwAAAJgAAAD0AAAA/wAAAKEAAAAYAAAAjQAAANgAAADjAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOQAAADkAAAA5AAAAOMAAADYAAAAjQAAABgAAAAAAAAAAgAAABgAAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAfAAAAHwAAAB8AAAAYAAAAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD///8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA/wAAAH4AAAAAAAAAAAAAAAAAAAAAAAAQAAgAAAAAAAAAAAAAAAAAABgAAAB+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAP///wA="> Email </span></div><div class="mll"><span class=sp1></span> qTox ID:  B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB     <a href="https://utox.org/" class=ah1 onclick="o(this)">https://tox.chat/download.html</a> </a></div><div class="mll"><span class=sp1></span> Email:     [email protected]    </div></div></div><div class="ml2"><div style="position:relative;top:50%;transform:translateY(-50%)"><div class="mlt" style="">Through a <img style="" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABYAAAAWCAMAAADza

Emails

[email protected]

URLs

http-equiv="Content-Type"

http-equiv="x-ua-compatible"

Extracted

Path

C:\Users\Public\LOCKFILE-README.hta

Family

lockfile

Ransom Note

LOCK FILE Any attempts to restore your files with the thrid-party software will be fatal for your files! Restore you data posible only buying private key from us. There is only one way to get your files back: contact us qTox ID: B2F873769EB6B508EBC2103DDEB7366CEFB7B09AB8314DAD0C4346169072686690489B47EAEB https://tox.chat/download.html Email: [email protected] Through a recommended Download Tor Browser - https://www.torproject.org/ and install it. Open link in Tor Browser - http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion This link only works in Tor Browser! Follow the instructions on this page Do not try to recover files yourself. this process can damage your data and recovery will become impossible Do not rename encrypted files. Do not waste time trying to find the solution on the Internet. The longer you wait, the higher will become the decryption key price Decryption of your files with the help of third parties may cause increased price (they add their fee to our). Tor Browser may be blocked in your country or corporate network. Use https://bridges.torproject.org or use Tor Browser over VPN. Thanks to the warning wallpaper provided by lockbit, it's easy to use

Emails

[email protected]

URLs

https://tox.chat/download.html

http://zqaflhty5hyziovsxgqvj2mrz5e5rs6oqxzb54zolccfnvtn5w2johad.onion

Signatures

Detect LockFile payload 2 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1888-1284-0x000000013FD60000-0x000000013FE39000-memory.dmp	family_lockfile
behavioral1/memory/1888-7701-0x000000013FD60000-0x000000013FE39000-memory.dmp	family_lockfile

LockFile
LockFile is a new ransomware that emerged in July 2021 with ProxyShell vulnerabilties.
ransomware lockfile
Renames multiple (1096) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Drivers directory 29 IoCs

Processes: