Extracted

Extracted

• • Target

    88169b1d4778ed6c5fda97375efb5b9171ea52649c8715bb449801c39bce4ad4.exe

  • Size

    147KB

  • MD5

    3c311cabe7de6a8c104f8f10541d392d

  • SHA1

    f59f4be06c9d1a94d44d1f6a6afd4ad6d532cb47

  • SHA256

    88169b1d4778ed6c5fda97375efb5b9171ea52649c8715bb449801c39bce4ad4

  • SHA512

    4fe621de344f25f4d0b6bc557afb392e2d6976f930bfe96a425dc619e7641387dfb356314d455676860f05af1de35a10a57d1d746b41e0317865703ed11fb77a

  • SSDEEP

    3072:U6glyuxE4GsUPnliByocWepPaEYLUTcVWH0XUQx4b:U6gDBGpvEByocWeHYLULUXUQ

  Score

  10^/10

  dragonforcedefense_evasiondiscoveryransomwarespywarestealer

  • DragonForce

    Ransomware family based on Lockbit that was first observed in November 2023.

    ransomwaredragonforce

  • Dragonforce family

    dragonforce

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2