General
-
Target
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
-
Size
151KB
-
Sample
240314-en7vxscc87
-
MD5
1fbef2a9007eb0e32fb586e0fca3f0e7
-
SHA1
3e86304198d1185a36834e59147fc767315d8678
-
SHA256
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
-
SHA512
94de457c74b783413514bc5804e86f5e1f0962dc03acf12d0a22c8b383b099518242314862417c24e5b13101b135d36dce285f4db11c989f3bc4331ce1b437b0
-
SSDEEP
3072:3m5H8y2mrr217uS8nW+cpsCp2cOy1cjKCy8YjKGiyWDDuMqqD/E0a3Hv/:3MHf2mr/Ww74cdlzXFqqD/Za//
Static task
static1
Behavioral task
behavioral1
Sample
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\Program Files\DVD Maker\en-US\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?83ED6257CCE5CF86CD53F5F936BC8E60
Extracted
C:\Program Files\dotnet\Restore-My-Files.txt
lockbit
http://lockbitks2tvnmwk.onion/?83ED6257CCE5CF86C512744E10D1A2FF
Targets
-
-
Target
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
-
Size
151KB
-
MD5
1fbef2a9007eb0e32fb586e0fca3f0e7
-
SHA1
3e86304198d1185a36834e59147fc767315d8678
-
SHA256
0f178bc093b6b9d25924a85d9a7dde64592215599733e83e3bbc6df219564335
-
SHA512
94de457c74b783413514bc5804e86f5e1f0962dc03acf12d0a22c8b383b099518242314862417c24e5b13101b135d36dce285f4db11c989f3bc4331ce1b437b0
-
SSDEEP
3072:3m5H8y2mrr217uS8nW+cpsCp2cOy1cjKCy8YjKGiyWDDuMqqD/E0a3Hv/:3MHf2mr/Ww74cdlzXFqqD/Za//
Score10/10-
Modifies boot configuration data using bcdedit
-
Renames multiple (9170) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-