Overview
overview
10Static
static
10Lockbit-Ra...er.exe
windows7-x64
9Lockbit-Ra...er.exe
windows10-2004-x64
9Lockbit-Ra...er.exe
windows7-x64
9Lockbit-Ra...er.exe
windows10-2004-x64
9Lockbit-Ra...en.exe
windows7-x64
9Lockbit-Ra...en.exe
windows10-2004-x64
9Lockbit-Ra...ME.vbs
windows7-x64
1Lockbit-Ra...ME.vbs
windows10-2004-x64
1General
-
Target
Lockbit-Ransomware-Builder-main1.zip
-
Size
283KB
-
Sample
241126-r78msasjgm
-
MD5
0f4c1f0cbe1e3ad1b4fdb0f8de101938
-
SHA1
c7edeff3353e58c4133fb456d17ac6593c1882c4
-
SHA256
7f899996d4bc193a1739b8f9ca51a7f46a7d41007f472df5622208e2db62b232
-
SHA512
98793bae94bfb3baff6f3f76d2c9251eee64d5ec305f3b2384b2bf5157872a1cb83809fa4a5fdb40ed4bd14761936ce43a6c3575e17a2c91b6df7319db06ecbc
-
SSDEEP
6144:eW+LYvU1+OsOtX2lUFW+LYvU1+OsOtX2lUpW+LYvU1+OsOtX2lUK:WeItX2l2eItX2lUeItX2l9
Behavioral task
behavioral1
Sample
Lockbit-Ransomware-Builder-main/Builder.exe
Resource
win7-20240708-en
Behavioral task
behavioral2
Sample
Lockbit-Ransomware-Builder-main/Builder.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral3
Sample
Lockbit-Ransomware-Builder-main/Decrypter.exe
Resource
win7-20240708-en
Behavioral task
behavioral4
Sample
Lockbit-Ransomware-Builder-main/Decrypter.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral5
Sample
Lockbit-Ransomware-Builder-main/KeyGen.exe
Resource
win7-20240903-en
Behavioral task
behavioral6
Sample
Lockbit-Ransomware-Builder-main/KeyGen.exe
Resource
win10v2004-20241007-en
Behavioral task
behavioral7
Sample
Lockbit-Ransomware-Builder-main/README.vbs
Resource
win7-20240903-en
Behavioral task
behavioral8
Sample
Lockbit-Ransomware-Builder-main/README.vbs
Resource
win10v2004-20241007-en
Malware Config
Targets
-
-
Target
Lockbit-Ransomware-Builder-main/Builder.exe
-
Size
146KB
-
MD5
39c9477cf131ca5ccc05c8871c0e10e6
-
SHA1
07b2581b2cb41053d09c4bb896aaabc1d28f2a7b
-
SHA256
939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb
-
SHA512
689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129
-
SSDEEP
1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT
-
Renames multiple (355) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Lockbit-Ransomware-Builder-main/Decrypter.exe
-
Size
146KB
-
MD5
39c9477cf131ca5ccc05c8871c0e10e6
-
SHA1
07b2581b2cb41053d09c4bb896aaabc1d28f2a7b
-
SHA256
939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb
-
SHA512
689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129
-
SSDEEP
1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT
-
Renames multiple (329) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Lockbit-Ransomware-Builder-main/KeyGen.exe
-
Size
146KB
-
MD5
39c9477cf131ca5ccc05c8871c0e10e6
-
SHA1
07b2581b2cb41053d09c4bb896aaabc1d28f2a7b
-
SHA256
939281eac1c6e5aa2e4238a1e545e67b2609c15f517474b2a5133bb64fe9c1eb
-
SHA512
689fd585232031f746b1573d3ed66ac329420611d4e1092ce6952b49ab0c168091726bd02189a4e183d1196ced4f51953e4eb25a5219a36f86d8f6761da9f129
-
SSDEEP
1536:xzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDqk3sA9atm8z+L8QBfuSoyAMjwT:KqJogYkcSNm9V7D7352v+L8DnyAewT
-
Renames multiple (360) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
-
-
Target
Lockbit-Ransomware-Builder-main/README.md
-
Size
3KB
-
MD5
224f96bf0512ce83183b44f1b4af5280
-
SHA1
edc014dd786fd63056f5af38053cafa15f2b4d25
-
SHA256
918dda007f7c531c4340c84c966ed9c97f4155f5547a5721c3a4cb6c9fcbcd20
-
SHA512
dea4e0d1aa0162cbdd4deb8df9a5a9c0b8777c890c6d61be143d670e436c1fad86485eb2fdc63952b42c65647fbcef63e32f8b4d7891c5788e11a4017b3dd27c
Score1/10 -