lockbit | a4006f211bc8fd8d90a3fe601230bcb298c235a0a975d3b0ca463b3e97de7d29 | Triage

Submit
Reports

Overview

overview

Static

static

d5d49fbe4f...18.exe

windows7-x64

9

d5d49fbe4f...18.exe

windows10-2004-x64

9

Sharing

General

Target

a4006f211bc8fd8d90a3fe601230bcb298c235a0a975d3b0ca463b3e97de7d29
Size

93KB
Sample

240417-p1r1cafg47
MD5

39e3537c736661da2b4cc3ea8940d237
SHA1

8a287b5e6e38e1ec3b5f37876dbe1b216d26a0c2
SHA256

a4006f211bc8fd8d90a3fe601230bcb298c235a0a975d3b0ca463b3e97de7d29
SHA512

20ce5426ddee6b5102a6182e458c5d570aa4df8bafd2a1804ae0cdd8274d1fd13848c61fa475c61d5ac830341744eeb3ec38152c7199726b7e512a113696fe03
SSDEEP

1536:b3S8LH/u4Zwgzjzb8A00ZbFYmcQh/n53o7TGaiAMIfbzwunivl6bArjAmZ2Mf:bP24ZwkzbrZbFqQh/53o7TGalMwzlnIh

Score

10^/10

lockbit ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe

Resource

win7-20240220-en

ransomware spyware stealer

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe

Resource

win10v2004-20240412-en

ransomware spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418.exe
- Size
  
  146KB
- MD5
  
  9a2e880c5c4fcbecf71014de4bbeb2db
- SHA1
  
  173089f18ef521b89516319117bf545d33f2e657
- SHA256
  
  d5d49fbe4f955416afe5db8c735638cedde326347757e8c57323305480568418
- SHA512
  
  c01ee3e7898b6dda26aee4d04c4a345d2c36ba019bade775dd71330d96a37ed0594a496df18db3a2e593fd7e13f90de123f47ab33e3a8d4936501c69e7500a59
- SSDEEP
  
  3072:m6glyuxE4GsUPnliByocWepc8HtoTc0U7DF:m6gDBGpvEByocWeFNh0GDF
Score

9^/10

ransomware spyware stealer
- Renames multiple (331) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ransomwarespywarestealer

behavioral2

ransomwarespywarestealer

© 2018-2024

Terms | Privacy