lockbit | 8f7d3d56ae14e20496764fe8e3c03e58ed00e6be9ed237c92f0e895dd658fb00

General

Target

17559708197.zip
Size

98KB
Sample

240605-n1hw1aef61
MD5

8de666ea90cb63737878ebfd37269258
SHA1

7a5d444aedf8315a6345e07415b5d8e69d3708a8
SHA256

8f7d3d56ae14e20496764fe8e3c03e58ed00e6be9ed237c92f0e895dd658fb00
SHA512

5e3c275f7877de938983cc425e7bdbfbbdf8be35e08153f1a50d6be8bf699989a17cc63152bdcb9a4e7003874bd0d61e14012493892bafee4224828c5cb5b591
SSDEEP

3072:bZA81PHH+B69vvPYW7E+IzvLpqbvy7ZSd2isWV:bZA81PHQQvQW7E+IzzpgvOZGVV

Score

10^/10

Malware Config

Extracted

Path

C:\523XaDi1i.README.txt

Ransom Note

Dear managment! ---Welcome! Your are locked by SenSayQ!--- If you are reading this message, means that: * Your network infrastructures have been compromized! * Critical data has leaked! * Files are encrypted! ----------------------------------------------------------------------- The best and only thing you can do is to contact us to settle the matter before any losses occurs. ----------------------------------------------------------------------- 1. If you modify files - our decrypt software won't able to recover data. 2. If you use third party software - you can damage/modify files (see item 1). 3. You need cipher key / our decrypt software to restore you files. 4. The police or authorities will not be able to help you get the cipher key. We encourage you to consider your decisions. Contacting us will be the fastest and safest solution to the problem. ----------------------------------------------------------------------- Attention! If you do not contact us within 72 hours, we will be forced to publish the stolen data on our website. To contact us: 1. Download and install Tor Browser - torproject.org/download 2. Follow the link: ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd.onion 3. Enter your ID: TFfgc8xENZ62nkC0Yt7oNeR3Uqg07IcLs1eEiuDcOAzAJl1GhJbs3QzbxidYAtsddy4JfaZE3wubaPiNbHhWaThiTHJI E-mail support: [email protected]

Emails

[email protected]

URLs

http://ppzmaodrgtg7r6zcputdlaqfliubmmjpo4u56l3ayckut3nyvw6dyayd.onion

Targets

- Target
  
  17559708197.zip
- Size
  
  98KB
- MD5
  
  8de666ea90cb63737878ebfd37269258
- SHA1
  
  7a5d444aedf8315a6345e07415b5d8e69d3708a8
- SHA256
  
  8f7d3d56ae14e20496764fe8e3c03e58ed00e6be9ed237c92f0e895dd658fb00
- SHA512
  
  5e3c275f7877de938983cc425e7bdbfbbdf8be35e08153f1a50d6be8bf699989a17cc63152bdcb9a4e7003874bd0d61e14012493892bafee4224828c5cb5b591
- SSDEEP
  
  3072:bZA81PHH+B69vvPYW7E+IzvLpqbvy7ZSd2isWV:bZA81PHQQvQW7E+IzzpgvOZGVV
Score

1^/10
behavioral1 behavioral2
- Target
  
  8ea416fd97ba762b5fa6519906c56f6c98f078f398ff75be7ed43fa1cc5313a9
- Size
  
  147KB
- MD5
  
  56331e7b131dec58aba05405aa1242f5
- SHA1
  
  f2f3a1cf7786abacb972cf31378d056de564b7c6
- SHA256
  
  8ea416fd97ba762b5fa6519906c56f6c98f078f398ff75be7ed43fa1cc5313a9
- SHA512
  
  4412ff6e3d4b3f916f28ddd342e72b19a8249428249fbb20b5408e093564f3fa9044947e1e3ff7177d49f62d98a9210338a25dbc236338136e6bcf6328d170ba
- SSDEEP
  
  3072:P6glyuxE4GsUPnliByocWepDnc6TQHR/BLv/p:P6gDBGpvEByocWeUHjv/
Score

10^/10

ransomware spyware stealer
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral3 behavioral4