Overview

overview

10

Static

static

10

Loader 3.0.exe

windows11-21h2-x64

9

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Loader.zip

  • Size

    94KB

  • Sample

    240418-cq8h5ahf8v

  • MD5

    80b8e03154e531ae22cdad9da43637c5

  • SHA1

    91d49e2bdf53f41502c3879144c1bd8930ae9ff4

  • SHA256

    5f227a96e12db3cb3d4f39028e7ee99526e7704301e25bb77fedf478a99f2739

  • SHA512

    6e2db772ac752a0c8bfcd4a95f9c15261d668d548c29f351ab67502b54d9b06c7299e9badb3560d018f1e1d886fa7ac85c388c787f5df3ea98858c8a69fbf1cb

  • SSDEEP

    1536:GrMMFx7IZJRbbMvODx4aQybep5UR/yxe1Baiws7LToj+DRqGMyhQEtftnMUa7vqT:wbx7IJMvQ4aFbesdyxaXX1DRn5MUabqT

Score
10/10
lockbitransomwarespywarestealer

Malware Config

Targets

    • Target

      Loader 3.0.exe

    • Size

      147KB

    • MD5

      ff4cd364323fc2048c35783a38070aef

    • SHA1

      4736172dd07a3a196343b94dd56b4e4edc0f2bce

    • SHA256

      6dd7522accb6773bade16720b53ca577574defae5b1c7caf4b7fc6826dfed7e7

    • SHA512

      c72b07b78ccbcfad14fa9f7bc3e8a086c29969b4f7f30dbe57a1a173cd82d61a20bf5ead0bc7b627d5d7f7f0def71710e2ce09590be7a886ad6c9414981eb961

    • SSDEEP

      1536:FzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDEtDyI4njdbJBGCkmsQwvB6jr4j:GqJogYkcSNm9V7Dk4F91qYUrnbT

    Score
    9/10
    ransomwarespywarestealer

    • Renames multiple (546) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

4
T1082

Query Registry

4
T1012

Peripheral Device Discovery

1
T1120

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Defacement

1
T1491

Resource Development

Reconnaissance

Tasks