Resubmissions

13/04/2024, 09:28 UTC

240413-lfvc7acf52 10

13/04/2024, 09:28 UTC

240413-lft3esff2x 10

13/04/2024, 09:28 UTC

240413-lfemqsff2t 10

13/04/2024, 09:27 UTC

240413-le61lafe91 10

13/04/2024, 09:27 UTC

240413-le6ptsfe9z 10

09/04/2024, 08:16 UTC

240409-j555wadf8x 10

09/04/2024, 08:16 UTC

240409-j55t4sdf8v 10

09/04/2024, 08:16 UTC

240409-j54xtaad59 10

09/04/2024, 08:15 UTC

240409-j52sfsad57 10

04/11/2020, 01:00 UTC

201104-p65ygpgpnx 9

General

  • Target

    a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin

  • Size

    483KB

  • Sample

    240409-j52sfsad57

  • MD5

    3265b2b0afc6d2ad0bdd55af8edb9b37

  • SHA1

    24272beb676d956ec8a65b95a2615c9075fa9869

  • SHA256

    a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4

  • SHA512

    28f99da799b43a5fd060b5cab411911b54ceeb51e612ec6213c2b8003ee6de29bc46683ba04507c0e8a92e9fbec4be5cecbc8918618db9c15f231a5be806cb94

  • SSDEEP

    12288:JF+dRkCGjzKd5Ik6ZDEyyq8Me0KzYB3IvClBTn:JF+deC2+d5AZLde0KcBU4BT

Malware Config

Targets

    • Target

      a188e147ba147455ce5e3a6eb8ac1a46bdd58588de7af53d4ad542c6986491f4.bin

    • RegretLocker

      Ransomware first reported on Twitter in October 2020.

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

    • Renames multiple (4088) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Adds Run key to start application

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Uses Tor communications

      Malware can proxy its traffic through Tor for more anonymity.

MITRE ATT&CK Enterprise v15

Tasks
