General
Target: ABZDVScv.ps1
Size: 3.1MB
Sample: 240419-f9xshsbb41
MD5: 59ecc9714c9144a725ea6541b44fe9c6
SHA1: 4c4844aaae4ee602a83b0692ed9b89fb01c8c355
SHA256: c0907a13d0bab92364a585ef86ef996247ec517ec546133ffe6a181950ded5e2
SHA512: a76c37c2a9817ee3bbd2cfcc14b52be5a78626317e6a7c999117d6a23b5450edac5cb9726cb66e8cb7e2d5457f9ce9e72cb82f01fd10355e4d6b2d9fa1f6c932
SSDEEP: 1536:jHI9jY4WVJy07R6z04LZxY2QOcpzd46vm8f1AYHUKIuIy0DM/ouim7lJcrNZ+kf9:E

Static task: static1
Behavioral task: behavioral1
Sample: ABZDVScv.ps1
Resource: win11-20240412-en

Malware Config
Extracted from: C:\oJgiFm35o.README.txt
Family: lockbit
Contact addresses and onion/clearnet URLs listed in the ransom note follow.

Targets
Target: ABZDVScv.ps1 (hashes as listed under General above)
Score: 10/10

Signatures
- Rule to detect Lockbit 3.0 ransomware Windows payload
- Renames multiple (575) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger