General

  • Target

    Lockbit-Ransomware-Builder-main1.zip

  • Size

    283KB

  • Sample

    241126-r78msasjgm

  • MD5

    0f4c1f0cbe1e3ad1b4fdb0f8de101938

  • SHA1

    c7edeff3353e58c4133fb456d17ac6593c1882c4

  • SHA256

    7f899996d4bc193a1739b8f9ca51a7f46a7d41007f472df5622208e2db62b232

  • SHA512

    98793bae94bfb3baff6f3f76d2c9251eee64d5ec305f3b2384b2bf5157872a1cb83809fa4a5fdb40ed4bd14761936ce43a6c3575e17a2c91b6df7319db06ecbc

  • SSDEEP

    6144:eW+LYvU1+OsOtX2lUFW+LYvU1+OsOtX2lUpW+LYvU1+OsOtX2lUK:WeItX2l2eItX2lUeItX2l9

Malware Config

Targets

    • Target

      Lockbit-Ransomware-Builder-main/Builder.exe

    • Size

      146KB

    • MD5

      39c9477cf131ca5ccc05c8871c0e10e6

    • SHA1

      07b2581b2cb41053d09c4bb896aaabc1d28f2a7b

    • SHA256

      939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb

    • SHA512

      689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129

    • SSDEEP

      1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT

    • Renames multiple (355) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Lockbit-Ransomware-Builder-main/Decrypter.exe

    • Size

      146KB

    • MD5

      39c9477cf131ca5ccc05c8871c0e10e6

    • SHA1

      07b2581b2cb41053d09c4bb896aaabc1d28f2a7b

    • SHA256

      939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb

    • SHA512

      689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129

    • SSDEEP

      1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT

    • Renames multiple (329) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Lockbit-Ransomware-Builder-main/KeyGen.exe

    • Size

      146KB

    • MD5

      39c9477cf131ca5ccc05c8871c0e10e6

    • SHA1

      07b2581b2cb41053d09c4bb896aaabc1d28f2a7b

    • SHA256

      939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb

    • SHA512

      689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129

    • SSDEEP

      1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT

    • Renames multiple (360) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Target

      Lockbit-Ransomware-Builder-main/README.md

    • Size

      3KB

    • MD5

      224f96bf0512ce83183b44f1b4af5280

    • SHA1

      edc014dd786fd63056f5af38053cafa15f2b4d25

    • SHA256

      918dda007f7c531c4340c84c966ed9c97f4155f5547a5721c3a4cb6c9fcbcd20

    • SHA512

      dea4e0d1aa0162cbdd4deb8df9a5a9c0b8777c890c6d61be143d670e436c1fad86485eb2fdc63952b42c65647fbcef63e32f8b4d7891c5788e11a4017b3dd27c

    Score
    1/10

MITRE ATT&CK Enterprise v15

Tasks