5e469b447eef6f0e53e5929d377b7db0498c759daa480e04c83eef8ee298e757 | Triage

Sharing

General

Target

2024-09-27_7ca1830e20c2eb562aa364a0745a8958_lockbit
Size

290KB
Sample

240927-xlv3fsvblk
MD5

7ca1830e20c2eb562aa364a0745a8958
SHA1

903dafebbec7e9c484e541c3fb68c10b785e6493
SHA256

5e469b447eef6f0e53e5929d377b7db0498c759daa480e04c83eef8ee298e757
SHA512

94df2d4270e51fa74eed04a4aa31dd8aa36c1de96ef66dce60bbeb48121ab80a97942429ed1e14f0b22430d3f816327560535a89b63a58fede33bb8713239c41
SSDEEP

6144:zhGpV1z8QaZXGpGGpV1z8Qcy1PSbOqslVC7nJUkhIeMIcC16V:gpVa9WpPpVaxy0bOM7np+e31

Score

7^/10

defense_evasion discovery

Malware Config

Targets

- Target
  
  2024-09-27_7ca1830e20c2eb562aa364a0745a8958_lockbit
- Size
  
  290KB
- MD5
  
  7ca1830e20c2eb562aa364a0745a8958
- SHA1
  
  903dafebbec7e9c484e541c3fb68c10b785e6493
- SHA256
  
  5e469b447eef6f0e53e5929d377b7db0498c759daa480e04c83eef8ee298e757
- SHA512
  
  94df2d4270e51fa74eed04a4aa31dd8aa36c1de96ef66dce60bbeb48121ab80a97942429ed1e14f0b22430d3f816327560535a89b63a58fede33bb8713239c41
- SSDEEP
  
  6144:zhGpV1z8QaZXGpGGpV1z8Qcy1PSbOqslVC7nJUkhIeMIcC16V:gpVa9WpPpVaxy0bOM7np+e31
Score

7^/10

defense_evasion discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Impair Defenses: Safe Mode Boot
  defense_evasion
- Loads dropped DLL
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Safe Mode Boot

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Query Registry

Remote System Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscovery

behavioral2

defense_evasiondiscovery