Extracted

Extracted

• • Target

    82b336cd120ef07d8df5a3e3fa082bcca8b5c0a3481fae78cb5dd29072979f69.exe

  • Size

    90KB

  • MD5

    6c755a742f2b2e5c1820f57d0338365f

  • SHA1

    0b22b6e5269ec241b82450a7e65009685a3010fb

  • SHA256

    82b336cd120ef07d8df5a3e3fa082bcca8b5c0a3481fae78cb5dd29072979f69

  • SHA512

    580fec443cb3236201750e643078b98e3d9f46cad3cc890b74371119f0ec33a0c5ba526e6135cc1ddcb90d867c214e37c700af55309c7725ed44e100173630ed

  • SSDEEP

    1536:yvXFnGvewvD/F3nICjRM5CEL92vR2zh9ckMBsA1RXZN1Mevt5:Ow3FE79UUzh9mBjBZNe

  Score

  10^/10

  dragonforcedefense_evasiondiscoveryransomwarespywarestealerupx

  • DragonForce

    Ransomware family based on Lockbit that was first observed in November 2023.

    ransomwaredragonforce

  • Dragonforce family

    dragonforce

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2