General
-
Target
2cee882bd0dc4267bacf099ac4571c319ac547be12b955f7ccb2f0144ae40876.zip
-
Size
82KB
-
Sample
240417-yk374sdg9t
-
MD5
89692f0041e86734abc21451373e9149
-
SHA1
7b2083a1e51a0fe451ba8aa397d33deec00076f3
-
SHA256
f88190bb765180c47219893bfcc26e6bf306272c62c8239d23727c1d5ddcc323
-
SHA512
039465713b1d2504f1345a6515804b9bad60144e50f2d007076ce8c123b9e7a896b897c27c2346c3cfe6fc499a1053cb7a603c14125d6287f27645c86bdd2ce1
-
SSDEEP
1536:vOkc0DD+iQusImPXP20CBe8+fjVscdPvj296i50wc/SjRkG:R+nuTmPfsBehfjVsgP7O5VRkG
Behavioral task
behavioral1
Sample
LB3.exe
Resource
win10v2004-20240412-en
Malware Config
Targets
-
-
Target
LB3
-
Size
146KB
-
MD5
33228a20a7e985f02e2ddd73cccde729
-
SHA1
58ab960e629a609d135e1988c72f2991e5f76e30
-
SHA256
0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194
-
SHA512
075002dd1b0f8e536c1ff99d30368f5adfc90a2f3e7a74c9770119e7b54a5851236657b7edcb735d457e78a7e67b7c285b6ceaa6ca2907542ac208dfc8c9aabe
-
SSDEEP
3072:36glyuxE4GsUPnliByocWepqFPUBwrqveV84:36gDBGpvEByocWe8MB4G
Score9/10-
Renames multiple (608) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-