Resubmissions

08-09-2024 03:04

240908-dk13jatgjb 10

08-09-2024 01:42

240908-b4rl4azdmh 10

General

  • Target

    7b105aba893b98d1ae293b3096854077d430f071d2801f57d8d5c370b53f1964

  • Size

    140KB

  • Sample

    240908-b4rl4azdmh

  • MD5

    6919bbcaaa9d969309e3f8619a9f4547

  • SHA1

    cd33410b0dc50cee29238da544194f8316caea20

  • SHA256

    7b105aba893b98d1ae293b3096854077d430f071d2801f57d8d5c370b53f1964

  • SHA512

    28b57ac32abaace844225c979312c065b51b671ee86faecc58e925382b3e8c85194542e619115c8af51e87439840a107126ddbc4b04e17dfe5289c8472c8bb38

  • SSDEEP

    3072:Ge/p4qavLr9+ycFup+6LZEDlimJriBTNl5c14VWDxqvUq1:GYp47vIIpZEDl7JiBzVWDS

Malware Config

Targets

    • Target

      LBB_pass.exe

    • Size

      141KB

    • MD5

      ecccac5d8de56c9a28b91ab1bda23c16

    • SHA1

      20f2811da9b151b34ae7c257ec672a0c1d3f60ee

    • SHA256

      336c36746aeee4e0753f5bf90a4429f0e91468ff02ed00c62559ea1e29b333a2

    • SHA512

      1e0a5432c382be17f11a4d4772c8d4d3b6359fe90dbb25d250e480a2439cd8d108cb725a64777be3765afdd9ec03b1f7aef3b94c58a45bfc5dc74c8633463c54

    • SSDEEP

      3072:OFtQp4qavvr9EycFur+6LZEzHzDkDd0+NiJ5c14VTDxqvUqN:gQp47vGIrZEjzgDd0+6VTDE

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

    • Rule to detect Lockbit 3.0 ransomware Windows payload

    • Target

      l.bat

    • Size

      638B

    • MD5

      5b1f0a177a035da3891f91183d77fad7

    • SHA1

      282ae07cdd4630e605de19508ed00b86b0932e76

    • SHA256

      f66f9834a6085ffda1ffa04dbed6a334719ea92e24c2b0950bef9573cffed015

    • SHA512

      145b77756d97a227d967264a4241a9f7984af94a554be28847e2ecd4bc7b628858d0def3d7e665874b1780f9e7a434cc21b86659cf053fa268bdccbf2f8b1f48

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

    • Rule to detect Lockbit 3.0 ransomware Windows payload

    • Renames multiple (356) files with added filename extension

      This suggests ransomware activity, i.e. encrypting all the files on the system.

    • Deletes itself

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

MITRE ATT&CK Enterprise v15

Tasks