General
Target: LB4.bin.exe
Size: 146KB
Sample: 240328-dt6z5sdf8w
MD5: e544b3593a6441f9654839e11aa0bea5
SHA1: f7d5e39e1b031002887b4a7d8a8ef889c892c3e7
SHA256: 9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141
SHA512: 9c6f2a04307b0a41e9aaf7c9c68dd901787d7ad65e80f293893c21e026e2de11b729b0fdbeb0c0926214e85d9b4c3473e94017be2e0fb49ed5a91fdff7ca9e83
SSDEEP: 1536:KzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD3pt0uCM0Ej+/dO9fRQvffQBfFT:5qJogYkcSNm9V7D5NuEBfWf4BfFT
Behavioral task: behavioral1
Sample: LB4.bin.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: LB4.bin.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\xa1Xx3AXs.README.txt
jimyjoy139@proton.me
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
Target: LB4.bin.exe
Score: 10/10
- Renames multiple (8883) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger