General
-
Target
16941757236.zip
-
Size
16KB
-
Sample
240430-k6c16ahb5w
-
MD5
150dbf3a108410803e9f97b9b1e2a597
-
SHA1
650282d16bf86185572250c1134e0e2c7fcfe01f
-
SHA256
1e86c9b1a92c3624e69ecaabb8abf495475f07a60e9a5449053270cfd2a78b51
-
SHA512
4db482e0d09fac095deb18b4769de24ac64036ddcb2d07d4ddf430a44a14bd5b16fd3e5dc5c0cde48e73cac602b1eb3466b60e2af353baee55b25be4fd65ca2d
-
SSDEEP
384:O6DQ1gCQUQUMqzNdgxTSxvXwoGHVTw7kyxBXgOu:OI3bUQUMq8YXwozHfvu
Malware Config
Targets
-
-
Target
0cc54ffd005b4d3d048e72f6d66bcc1ac5a7a511ab9ecf59dc1d2ece72c69e85
-
Size
57KB
-
MD5
a1784aa6993af25cb55a36154a954649
-
SHA1
d483d2515c55e74c1ddf76dd095b3fb1c8320b73
-
SHA256
0cc54ffd005b4d3d048e72f6d66bcc1ac5a7a511ab9ecf59dc1d2ece72c69e85
-
SHA512
dccf8bd4b23ad28117211a2c61567ce9101e173f6feb0c6ebb885d3aaf4292b06e4dd96b97d606f396727b0f6c01384c3487e24306b74aef5243f5dec511f982
-
SSDEEP
384:uI4c41g5axWYwwp0G1Ls1QuCm6Ee9nlAnXX5G6ow54gmQhDLU67L2Ro0VxdaA+Yg:Kx1g5a4iNps1Qum3OIdGX
Score10/10-
Lockbit
Ransomware family with multiple variants released since late 2019.
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Renames multiple (333) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-