lockbit | f88190bb765180c47219893bfcc26e6bf306272c62c8239d23727c1d5ddcc323 | Triage

Submit
Reports

Overview

overview

Static

static

LB3.exe

windows10-2004-x64

9

Sharing

General

Target

2cee882bd0dc4267bacf099ac4571c319ac547be12b955f7ccb2f0144ae40876.zip
Size

82KB
Sample

240417-yk374sdg9t
MD5

89692f0041e86734abc21451373e9149
SHA1

7b2083a1e51a0fe451ba8aa397d33deec00076f3
SHA256

f88190bb765180c47219893bfcc26e6bf306272c62c8239d23727c1d5ddcc323
SHA512

039465713b1d2504f1345a6515804b9bad60144e50f2d007076ce8c123b9e7a896b897c27c2346c3cfe6fc499a1053cb7a603c14125d6287f27645c86bdd2ce1
SSDEEP

1536:vOkc0DD+iQusImPXP20CBe8+fjVscdPvj296i50wc/SjRkG:R+nuTmPfsBehfjVsgP7O5VRkG

Score

10^/10

lockbit ransomware spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

LB3.exe

Resource

win10v2004-20240412-en

ransomware spyware stealer

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Targets

- Target
  
  LB3
- Size
  
  146KB
- MD5
  
  33228a20a7e985f02e2ddd73cccde729
- SHA1
  
  58ab960e629a609d135e1988c72f2991e5f76e30
- SHA256
  
  0845a8c3be602a72e23a155b23ad554495bd558fa79e1bb849aa75f79d069194
- SHA512
  
  075002dd1b0f8e536c1ff99d30368f5adfc90a2f3e7a74c9770119e7b54a5851236657b7edcb735d457e78a7e67b7c285b6ceaa6ca2907542ac208dfc8c9aabe
- SSDEEP
  
  3072:36glyuxE4GsUPnliByocWepqFPUBwrqveV84:36gDBGpvEByocWe8MB4G
Score

9^/10

ransomware spyware stealer
- Renames multiple (608) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Defacement

Resource Development

Reconnaissance

Tasks

static1

behavioral1

ransomwarespywarestealer

© 2018-2024

Terms | Privacy