lockbit | bac1110e9a947d74ee88ea32544e2e27c9abd26dfcbe5c6f5eeca2e8ea30510b

General

Target

2024-06-24_3225d6727350498c0864872ba41ead57_darkside
Size

146KB
Sample

240624-fcxq9axejf
MD5

3225d6727350498c0864872ba41ead57
SHA1

95a4772ae9f52310aee81277410700373966db9f
SHA256

bac1110e9a947d74ee88ea32544e2e27c9abd26dfcbe5c6f5eeca2e8ea30510b
SHA512

41a7a9094c1a24740714c7c67efe43508c5f21cb6f4d48d501c7a874653b918787916bb5c4ed074b7c313f9c453aa05ab0e929225f17537974517beba9a3f787
SSDEEP

3072:aqJogYkcSNm9V7D7lxR1NlEZeHzyzosvxfxST:aq2kc4m9tDJQKzWvxJ

Score

10^/10

Malware Config

Extracted

Path

C:\6oook9hg8.README.txt

Ransom Note

———————————CAUTION, PLEASE———————————— ֎֎֎ All your files have been stolen and encrypted ֎֎֎ You have to pay ransom otherwise all the data will be leaked on the Internet as well as stay encrypted on your PC and the whole domain. ———> WHAT WE DO RECOMMEND: DO NOT RECOVER any FILES on your own, IT CAN LEAD to irreversible consequences! Your personal DECRYPTION ID: XXXXXXXXXXXXXXX ———> WHAT WE GUARANTEE YOU: 3 files free decryption as a tool validation. We provide you with a decryption tool. We delete all your data and send proofs. We save your reputation, NO data leaks. We share our vulnerability report with you. ———> WHAT THE REASON: NO other reason except your MONEY! Right now your have a chance to save your business. Feel free to contact us. https://getsession.org/ 058a0295752970d65fe9f131cb26314cf76bf3b5bfbd8ac1fb9b54d31424fff332

URLs

https://getsession.org/

Targets

- Target
  
  2024-06-24_3225d6727350498c0864872ba41ead57_darkside
- Size
  
  146KB
- MD5
  
  3225d6727350498c0864872ba41ead57
- SHA1
  
  95a4772ae9f52310aee81277410700373966db9f
- SHA256
  
  bac1110e9a947d74ee88ea32544e2e27c9abd26dfcbe5c6f5eeca2e8ea30510b
- SHA512
  
  41a7a9094c1a24740714c7c67efe43508c5f21cb6f4d48d501c7a874653b918787916bb5c4ed074b7c313f9c453aa05ab0e929225f17537974517beba9a3f787
- SSDEEP
  
  3072:aqJogYkcSNm9V7D7lxR1NlEZeHzyzosvxfxST:aq2kc4m9tDJQKzWvxJ
Score

10^/10

ransomware spyware stealer
- Renames multiple (278) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops desktop.ini file(s)
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Renames multiple (278) files with added filename extension

Reads user/profile data of web browsers

Drops desktop.ini file(s)

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2