blackmatter | 707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881 | Triage

Submit
Reports

Overview

overview

Static

static

LockBit-main.zip

windows10-2004-x64

Resubmissions

17-04-2024 10:53

240417-my9fhaeb8s 10

Sharing

General

Target

LockBit-main.zip
Size

292KB
Sample

240417-my9fhaeb8s
MD5

68309717a780fd8b4d1a1680874d3e12
SHA1

4cfe4f5bbd98fa7e966184e647910d675cdbda43
SHA256

707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881
SHA512

e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149
SSDEEP

6144:n42LBVCsV+PkMeW9zTiY/NaQmHst5ySPzmcfIMwmafvR:n4EzwkMeWgY1NmyESPB1/aXR

Score

10^/10

blackmatter lockbit ransomware spyware stealer

Static task

static1

lockbit blackmatter

4 signatures

Behavioral task

behavioral1

Sample

LockBit-main.zip

Resource

win10v2004-20240412-en

lockbit ransomware spyware stealer

windows10-2004-x64

30 signatures

1800 seconds

Malware Config

Extracted

Family

blackmatter

Version

25.239

Targets

- Target
  
  LockBit-main.zip
- Size
  
  292KB
- MD5
  
  68309717a780fd8b4d1a1680874d3e12
- SHA1
  
  4cfe4f5bbd98fa7e966184e647910d675cdbda43
- SHA256
  
  707bb3b958fbf4728d8a39b043e8df083e0fce1178dac60c0d984604ec23c881
- SHA512
  
  e16de0338b1e1487803d37da66d16bc2f2644138615cbce648ae355f088912a04d1ce128a44797ff8c4dfc53c998058432052746c98c687670e4100194013149
- SSDEEP
  
  6144:n42LBVCsV+PkMeW9zTiY/NaQmHst5ySPzmcfIMwmafvR:n4EzwkMeWgY1NmyESPB1/aXR
Score

10^/10

lockbit ransomware spyware stealer
- Lockbit
  Ransomware family with multiple variants released since late 2019.
  ransomware lockbit
- Rule to detect Lockbit 3.0 ransomware Windows payload
- Renames multiple (849) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

lockbitblackmatter

behavioral1

lockbitransomwarespywarestealer

© 2018-2024

Terms | Privacy