lockbit | 152217ef46be621a53593457abc52d435f1301ff314261ababf3e5a2ba04e6cd | Triage

Submit
Reports

Overview

overview

Static

static

2024-04-17...de.exe

windows7-x64

9

2024-04-17...de.exe

windows10-2004-x64

9

Sharing

General

Target

2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside
Size

146KB
Sample

240417-3ppbzaaa33
MD5

7f72cf6f4d95a38ac92aa8e548cf2665
SHA1

e7e37defe61a3ec55998974f11529e63efdfa94d
SHA256

152217ef46be621a53593457abc52d435f1301ff314261ababf3e5a2ba04e6cd
SHA512

5ec14e3091198fe5ccdcd91f8a18b47c5cd7cc48598b42bd6c5d266758bf104b7ebe37dd2c639db032ea462bf4c5f57818125fdb988de0304eb92fee2227a394
SSDEEP

3072:OqJogYkcSNm9V7DBArsI8lVu20ytl2zE+ZT:Oq2kc4m9tDCYJVP0yto

Score

10^/10

lockbit ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside.exe

Resource

win7-20240221-en

ransomware spyware stealer

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside.exe

Resource

win10v2004-20240412-en

ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-04-17_7f72cf6f4d95a38ac92aa8e548cf2665_darkside
- Size
  
  146KB
- MD5
  
  7f72cf6f4d95a38ac92aa8e548cf2665
- SHA1
  
  e7e37defe61a3ec55998974f11529e63efdfa94d
- SHA256
  
  152217ef46be621a53593457abc52d435f1301ff314261ababf3e5a2ba04e6cd
- SHA512
  
  5ec14e3091198fe5ccdcd91f8a18b47c5cd7cc48598b42bd6c5d266758bf104b7ebe37dd2c639db032ea462bf4c5f57818125fdb988de0304eb92fee2227a394
- SSDEEP
  
  3072:OqJogYkcSNm9V7DBArsI8lVu20ytl2zE+ZT:Oq2kc4m9tDCYJVP0yto
Score

9^/10

ransomware spyware stealer
- Renames multiple (319) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2024

Terms | Privacy