Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://vxvault.net

windows11-21h2-x64

10

Resubmissions

26-09-2024 23:30

240926-3g9myawfra 6

02-09-2024 13:04

240902-qa9cda1apn 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    http://vxvault.net

  • Sample

    240902-qa9cda1apn

Score
10/10
lockbitdefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Targets

    • Target

      http://vxvault.net

    Score
    10/10
    lockbitdefense_evasiondiscoveryransomwarespywarestealer

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

      ransomwarelockbit

    • Rule to detect Lockbit 3.0 ransomware Windows payload

    • Renames multiple (609) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks