infinitylock | 7b82c3211ac2385422370846a2873f6dae0f6441b5a96095fb08754d23ef71f8 | Triage

Sharing

General

Target

VCDS-PCI-15071-Installer.file
Size

27.2MB
Sample

240415-wpf72acg46
MD5

07b471064f26c23a28ae21cbc5c6ec07
SHA1

8fd8b5a7289e26aaf48397b89e0f6653cd43082c
SHA256

7b82c3211ac2385422370846a2873f6dae0f6441b5a96095fb08754d23ef71f8
SHA512

799181487ea18e4f82ca992b8266a7cedcf24d50eeccd4b589ab4054c10610eb44bc7990cad6d38a97ff42bb2f0b857b71857297a8bbde5f33f6a2d7432f3054
SSDEEP

393216:HWoSq/0R7XDdADriXkOG3aTGbz0SDTjIjSk3iO/r7HH8tQUpgrbs/iVA:H7ps7u/iUr3lMiTjIv3ifbpgPs/iVA

Score

10^/10

infinitylock link pdf ransomware upx

Malware Config

Targets

- Target
  
  VCDS-PCI-15071-Installer.file
- Size
  
  27.2MB
- MD5
  
  07b471064f26c23a28ae21cbc5c6ec07
- SHA1
  
  8fd8b5a7289e26aaf48397b89e0f6653cd43082c
- SHA256
  
  7b82c3211ac2385422370846a2873f6dae0f6441b5a96095fb08754d23ef71f8
- SHA512
  
  799181487ea18e4f82ca992b8266a7cedcf24d50eeccd4b589ab4054c10610eb44bc7990cad6d38a97ff42bb2f0b857b71857297a8bbde5f33f6a2d7432f3054
- SSDEEP
  
  393216:HWoSq/0R7XDdADriXkOG3aTGbz0SDTjIjSk3iO/r7HH8tQUpgrbs/iVA:H7ps7u/iUr3lMiTjIv3ifbpgPs/iVA
Score

10^/10

infinitylock link pdf ransomware upx
- InfinityLock Ransomware
  Also known as InfinityCrypt. Based on the open-source HiddenTear ransomware.
  ransomware infinitylock
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Legitimate hosting services abused for malware hosting/C2
- Drops file in System32 directory
behavioral1 behavioral2
- Target
  
  CSVConv.exe
- Size
  
  216KB
- MD5
  
  0a9ff56e1086ec3ab9d7b5dad34639f9
- SHA1
  
  38920bb3f0f557026c8c2a935585c47e37ef826f
- SHA256
  
  b8a7713039c57d7c7ab2ceab9de4c6ef1d6b6e08fc1281b29e561c7ae6fa0760
- SHA512
  
  b1456a45949ef282c6ddef6fe91c939572b0f23693581b41c59decf0e41a1f57ea4fb2e39b7fbdf18d5abe4949ca4161e22ec7101c075b99c450df77565a68bd
- SSDEEP
  
  3072:PtvmswDljy1WY1zYfrLsoEDy9CHuUVLdEvYxDynGQIfwxiVupktnA9SDCA:leswhy11zYfHsRqQJdEvYxWGQxBGA9
Score

1^/10
behavioral3 behavioral4
- Target
  
  LCode.exe
- Size
  
  695KB
- MD5
  
  dbc72d45b55dea34ac6761075898446e
- SHA1
  
  d193fd49278484a6d6ae113ad16e5e25a2ff367b
- SHA256
  
  02884f2779158bb37d67ab6a304c15fa8124d2bd3dcfd6e025b2343563288da6
- SHA512
  
  604c6159704538c423d1fa4d74762ee18179f331b46f9008f3314011cd28e68c6f0ffe57a800770bc31709c9ef00219d7d114059202ee6b7049d9689f1291033
- SSDEEP
  
  12288:S4OBoxRj/Jfg5SOfhufgNK3gU2f0fxHbHeWC:SvBQJfD8DvfgbO
Score

1^/10
behavioral5 behavioral6
- Target
  
  TDIGraph.exe
- Size
  
  207KB
- MD5
  
  8e225350d6800d08bbbf42f559480301
- SHA1
  
  c7af9433d8c675ac2607b37738dbf445884afa06
- SHA256
  
  6c1c25fbd6c610513717e410e815639b8777e7d858e38e4df22fa19870275556
- SHA512
  
  01a0d5c4a59a8cc42e491c00210568d96c339f3ce4e825f13644b7214a501477c9a369810198b0cd92c8eafec2b49fbae49b5ba3f1ce56874eeb93201d6f9db7
- SSDEEP
  
  6144:UvINZOoTrznwc6xGyvailMrCsUsGD6Bx:wIrz47vuOjsG
Score

1^/10
behavioral7 behavioral8
- Target
  
  VCDS.exe
- Size
  
  2.3MB
- MD5
  
  9644e0c548de043263196f7c8b05443e
- SHA1
  
  2373d58368d2e35986a1ee9d2e69c532c2e5dbda
- SHA256
  
  b26ec38e4d15bb45a1b523840dd463f69c84e37489af1d949a79374c4d96089f
- SHA512
  
  fd1f5494324a7682690fb687516a107ba42e6a74ba516c1b6e2984db642486933eff73ad49c89e09cacc57266f7ad8a249806097d485ec159f64483ed730f786
- SSDEEP
  
  49152:C1wyLkdMuON1e7uC30JH2hj5y6GSpTksWmE7x5Zt:C1wpNOPEkJWd5yDSpogEPZt
Score

5^/10
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9
- Target
  
  VCScope.exe
- Size
  
  317KB
- MD5
  
  d2862bb1e1b2b59359b4686d1b6b0e37
- SHA1
  
  3d901e2f8922f66b602f2852bb28a7df66f2819e
- SHA256
  
  1c231893c417d3cede750d4abe3a5ded8486ac9b8e0c6ea1438e5e8c5e043a8b
- SHA512
  
  d2aed194bd4e164225b1de323a7f07400f0877ddda1bfb75b415e4879f6b392cbb4288bcbd52fce198c21d37affcdfccd0612e5b09fdd5f6e42496c140d420bb
- SSDEEP
  
  6144:FnwNrywENy9RKN1npeMsuUM3tCIKt8sNFPcok9uvo3S6RCPW:eNMNy6UM9CIp7okxS64PW
Score

1^/10
behavioral11 behavioral12
- Target
  
  dpinst.exe
- Size
  
  901KB
- MD5
  
  c3e9c607dc3d56d53a85a26044256811
- SHA1
  
  49c971018126c405f29a844233a8c26453025505
- SHA256
  
  9d17be461ba13379db80fc276dd5b967e86559045a4dc17b7d33618bd06c252a
- SHA512
  
  11f9e24579955003aa2e10105534ee9dce65e6708023b7013b45681e3b9fb8f598134a32059cae0602bac622a266d3c819552dabc10179ff36a4157cea3b18f6
- SSDEEP
  
  6144:EZtaKSpwmx5ATm/LC3fwf3OoU9xkYSr/mdBTRhKWIjsRP/1HHm/hHAM8i6r+LyIv:EZxSpwmxvL/f3vCN1PMaLi6rAyIQjm
Score

4^/10
behavioral13 behavioral14

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

infinitylocklinkpdfransomwareupx

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14