General
- Target: http://185.215.113.101
- Sample: 240730-xgql6stanq
- Static task: static1
- URLScan task: urlscan1
- Behavioral task: behavioral1
  - Sample: http://185.215.113.101
  - Resource: win10v2004-20240730-en
  - 28 signatures
  - 150 seconds
Malware Config
Extracted
- Path: C:\d093fD6aI.README.txt
- Ransom Note:
~~~ LockBit 5.01 the world's fastest ransomware since 2019~~~
>>>> Your data are stolen and encrypted
The data will be published on TOR website if you do not pay the ransom
BTC amount 0.01 = up to 12hr
BTC amount 0.02 = up to 24hr
BTC amount 0.1 = up 48 hr
BTC amount 0 , deleted all files from you PC, and post all infirmation to public.
where send BTC: bc1qm7sg7p2jkgthv7pkjy856sh9lr5x3yrpzv099d :not valid after 07/23/2024 10PM EST.
Time just 12 hr, after everythink will be removed
You can buy them on the exchange or at an ATM https://coinatmradar.com. You can find the addresses here buy with credit or debet card online https://www.moonpay.com/buy.
You have 12 hours for the transfer,
24 hours for the amount of 0.02,
and of course, you can always wait 48 hours and pay 0.1.
After that, send a request with confirmation to TOX , faster way!
You can contact us using Tox messenger without registration and SMS https://tox.chat/download.html.
Using Tox messenger, we will never know your real name, it means your privacy is guaranteed.
If you want to contact us, tox.
Tox ID LockBitSupp: B90F5C1EC3C13400F6D0B22B772C5FAB086F8C41A0C87B92A8B3C7F2ECBBCE191A455140273E
URLs
- https://coinatmradar.com
- https://www.moonpay.com/buy
- https://tox.chat/download.html
Targets
- Target: http://185.215.113.101
- Rule to detect Lockbit 3.0 ransomware Windows payload
- Renames multiple (642) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger