Extracted

Extracted

• • Target

    2024-09-16_b71bd8482d6e872bd867966a1e572ac9_darkside

  • Size

    146KB

  • MD5

    b71bd8482d6e872bd867966a1e572ac9

  • SHA1

    926d496eed4f6735999dcac03b9295222ea45dc1

  • SHA256

    f156e0cc550938d59d92fcf7768d5070360d46c80555ed4f972d2af0f4233fdb

  • SHA512

    4392f36b65fe82ce102a0faf55f2fdce4cd8463cf42eab2ca68bcbe3578de4804d5ec475ed2294fc8e7bef9e319af18ee2656dea4b499ff43476f2a8f35d85b6

  • SSDEEP

    3072:x6glyuxE4GsUPnliByocWepqzW0lfCoCufrJikFt1YY:x6gDBGpvEByocWeczXlqIldvYY

  Score

  10^/10

  lockbitdefense_evasiondiscoveryransomwarespywarestealer

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Renames multiple (339) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2