General
Target: Lockbit4.zip
Size: 93KB
Sample: 240328-r8qhlahh88
MD5: cbfa130416e1cd2a0ddf457e635d9c3d
SHA1: e16a5d32dea354085cd845f9ab8b3d778f890cb4
SHA256: e4bd46ed9c588b369dc6cbaa9d8dd61d59424b677e4724aa7bbe4dc83b170f92
SHA512: 80f9e8c3934a37941387ecbf79c130a5cfbd8169606bc6f9f35e143e9d4309dc06fd4383c20ed96c9d988246ba347beb11e3707f109674cc07ba86a392fcc735
SSDEEP: 1536:QURyj38t1eValnHfpPEiNZh+hBtk/yJFhR+N+Z7+/ZyNkR7jk/8bXEAoVlLNNS:hY38t1GSfpEKGIyThRJ7jeF48b0NVlLm
Behavioral task: behavioral1
Sample: Lockbit4.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: Lockbit4.exe
Resource: win10v2004-20240226-en
Malware Config
Extracted
C:\xa1Xx3AXs.README.txt
jimyjoy139@proton.me
328N9mKT6xFe6uTvtpxeKSymgWCbbTGbK2
Targets
Target: Lockbit4.exe
Size: 146KB
MD5: e544b3593a6441f9654839e11aa0bea5
SHA1: f7d5e39e1b031002887b4a7d8a8ef889c892c3e7
SHA256: 9b5f1ec1ca04344582d1eca400b4a21dfff89bc650aba4715edd7efb089d8141
SHA512: 9c6f2a04307b0a41e9aaf7c9c68dd901787d7ad65e80f293893c21e026e2de11b729b0fdbeb0c0926214e85d9b4c3473e94017be2e0fb49ed5a91fdff7ca9e83
SSDEEP: 1536:KzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xD3pt0uCM0Ej+/dO9fRQvffQBfFT:5qJogYkcSNm9V7D5NuEBfWf4BfFT
Score: 10/10
Renames multiple (8910) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
Deletes itself
Executes dropped EXE
Loads dropped DLL
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
Suspicious use of NtSetInformationThreadHideFromDebugger