lockbit | 87e87fd910037fb102a728f4e0036cf5f066b7b704e1160bd685d71d290acedb | Triage

Sharing

General

Target

87e87fd910037fb102a728f4e0036cf5f066b7b704e1160bd685d71d290acedb
Size

132KB
Sample

240530-wlkq2sgg86
MD5

766c7ccd257739d252646a60e42ed0c0
SHA1

1637e3de37d86ccde517875b991dfec1a093330e
SHA256

87e87fd910037fb102a728f4e0036cf5f066b7b704e1160bd685d71d290acedb
SHA512

c0b86d4425d9955d0c965d943d360c1d61f35d1df0f6819a93630ea15c4df91590dada59a667ffaacf7563943ffb2c4b71e3157fbdeb42937f1a91a77d87d1a4
SSDEEP

3072:rXuH35kCQ/sKLVUhaAt3QRpEC354A2JANtly9t337AamUiXteJkOnK:re2FjaaApKGCp4A2J6t4z7AarEikB

Score

10^/10

lockbit ransomware spyware stealer upx

Malware Config

Targets

- Target
  
  l.exe
- Size
  
  87KB
- MD5
  
  717e64d5a222ef9b379a59a01e877767
- SHA1
  
  7f9dd9771f3940773c150075cfc757865f1b2aea
- SHA256
  
  9777234d1da61e5688278b57971afb217ffd71eeb6bb41f65cc4cabc21ea0a51
- SHA512
  
  879b519da63dfaa5cc0f585d4858692e07a0dd6c128c88d9d252d4e2def8c3ae6249ed139abb671a0ea128261f8e445aec27b160f1bb67eee19d7af488f8b6e4
- SSDEEP
  
  1536:poxUsH1uwp6ISs9bFQ+pGfxtP8cY1AZUbhYnY4LY+De5F4rGxwG8JOKhnAjrhjyx:2UsVuc6I1bFZW7xxtnYoY+kKJOKdscg
Score

9^/10

ransomware spyware stealer upx
- Renames multiple (324) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Drops desktop.ini file(s)
behavioral1 behavioral2
- Target
  
  l1.exe
- Size
  
  145KB
- MD5
  
  05fa05bbba51c9fd5f2421f3fe2e2998
- SHA1
  
  e7fdbb0621abb858cdd31ad94118ca575aa8fe24
- SHA256
  
  b9d6537c7531a0592a4ec46a52c84108b9d5110ed947cec8ddb2fda4b771899b
- SHA512
  
  399004699bdacc815eeb5609fba3e81e3866c839766feb0fdd1aa8e1d7746405da2f90414deb17dc592982cf24c468c106d263bb167499c443bffe6ce357bd55
- SSDEEP
  
  1536:azICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDtCYU0GsvgtwjECrozUYj3PeAU8:pqJogYkcSNm9V7DtCCGsg+AmYylQhTTJ
Score

9^/10

ransomware spyware stealer
- Renames multiple (351) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral3 behavioral4
- Target
  
  l2.exe
- Size
  
  145KB
- MD5
  
  76b23dd72a883d8b1302bb4a514b7967
- SHA1
  
  338e19e8a3615c29d8a825ebba66cf55fa0caa2c
- SHA256
  
  311edf744c2e90d7bfc550c893478f43d1d7977694d5dcecf219795f3eb99b86
- SHA512
  
  39d98f914ec9d8551a894306163bc726f035f9228f3f198de78555988cea5a7b423be8c2a19913c76b996220a81a9b3a257b7f0af67913aa8a50b77321b17735
- SSDEEP
  
  1536:azICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDtCYU0GsvgtwjECrozUYj3PeAU2:pqJogYkcSNm9V7DtCCGsg+AmYylQhTT
Score

9^/10

ransomware spyware stealer
- Renames multiple (320) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

ransomwarespywarestealerupx

behavioral2

ransomwarespywarestealerupx

behavioral3

ransomwarespywarestealer

behavioral4

ransomwarespywarestealer

behavioral5

ransomwarespywarestealer

behavioral6

ransomwarespywarestealer