General
Target
5735ea71ae9c58fe79c5049056421cf68600d6afdac1c441ae02291637779816
Size
145KB
Sample
240314-esrz9sab5y
MD5
5ff46c6ec36501f106aa7373832bf69c
SHA1
fc923fb8bb0fa7d52aa4b3421ea910d9d12a2809
SHA256
5735ea71ae9c58fe79c5049056421cf68600d6afdac1c441ae02291637779816
SHA512
9a1bd9624f02ab9caaf94381758ca809a73cc1deebe9ba55fb59fd71c003c72f81ee5339e92c673eb1c5f348ec5363f2ca5782391a8123c9b09a3f563f6c31fa
SSDEEP
3072:8qJogYkcSNm9V7DXWw+X1gDW1YfJVKhFT:8q2kc4m9tDmbCDWqQ
Behavioral task
behavioral1
Sample
5735ea71ae9c58fe79c5049056421cf68600d6afdac1c441ae02291637779816.exe
Resource
win7-20240220-en
Behavioral task
behavioral2
Sample
5735ea71ae9c58fe79c5049056421cf68600d6afdac1c441ae02291637779816.exe
Resource
win10v2004-20240226-en
Malware Config
Extracted
C:\sNLnicEVl.README.txt
lockbit
Targets
Target
5735ea71ae9c58fe79c5049056421cf68600d6afdac1c441ae02291637779816
Score
10/10
Renames multiple (348) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)
Drops file in System32 directory
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger