General

  • Target

    LB3.exe

  • Size

    146KB

  • Sample

    240704-31vm5axajq

  • MD5

    567371a071752719b9890da555dccb9a

  • SHA1

    4e076a6c2a213f5efc197cdd9e08d8362c24f456

  • SHA256

    169da58a5e57c6a68c1b9c07061b70e6c60d23f1708821a091d6f41907b0e9d7

  • SHA512

    08081a7a8dbf3434088c9fc51506e078db95abf8cf4797a279f5145d6658c970be896b4adcb25e40d2ecc115e2b11e0d7a688fbd34be98a4d8e62f83cf361e8a

  • SSDEEP

    3072:C6glyuxE4GsUPnliByocWepW5nVTbXaiMI9iyVD4cr:C6gDBGpvEByocWegn1Jlr4

Malware Config

Extracted

Path

C:\tmVnvSyWm.README.txt

Ransom Note
>>>> Your data are stolen and encrypted All of your files have been encrypted Your computer was infected with a ransomware virus. Your files have been encrypted and you won't be able to decrypt them without our help.What can I do to get my files back?You can buy our special decryption software, this software will allow you to recover all of your data and remove the ransomware from your computer.The price for the software is 500$. Payment can be made in Bitcoin only. How do I pay, where do I get Bitcoin? Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. Many of our customers have reported these sites to be fast and reliable: Coinmama - www .coinmama.com Bitpanda - www .bitpanda.com Bitcoin Address: bc1qccpche8qeyxcj4vptta27g2xjv9k2y889wre6w You should send the amount to this bitcoin address. AFTER the payment contact this email to recover your data: [email protected]

Targets

    • Target

      LB3.exe

    • Renames multiple (809) files with added filename extension

      This suggests ransomware activity: encrypting all of the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks