General
-
Target
LB3.exe
-
Size
146KB
-
Sample
241126-sdq2bawlhy
-
MD5
e77ed091631caf183dc4141fe8fb51f2
-
SHA1
bbd0c5aba9c95209d29e5b59113e0bae203bf6d6
-
SHA256
54ed464306c9e21af8bbef2b8b95a1f3762722ddbc9b8e1ad9661760909f6975
-
SHA512
3751d62156eaed483cff9f589d2dba6871dabcae61bdfe9f3629cfc49529697521e4cd39f572b99ae6dab189d6e70c0d9be2ca96558060c4cd7b10faf617d3c6
-
SSDEEP
3072:XqJogYkcSNm9V7Dvjh4eL2OAXrsrbWnUroWT:Xq2kc4m9tDj2Fbs2io
Malware Config
Targets
-
-
Target
LB3.exe
-
Size
146KB
-
MD5
e77ed091631caf183dc4141fe8fb51f2
-
SHA1
bbd0c5aba9c95209d29e5b59113e0bae203bf6d6
-
SHA256
54ed464306c9e21af8bbef2b8b95a1f3762722ddbc9b8e1ad9661760909f6975
-
SHA512
3751d62156eaed483cff9f589d2dba6871dabcae61bdfe9f3629cfc49529697521e4cd39f572b99ae6dab189d6e70c0d9be2ca96558060c4cd7b10faf617d3c6
-
SSDEEP
3072:XqJogYkcSNm9V7Dvjh4eL2OAXrsrbWnUroWT:Xq2kc4m9tDj2Fbs2io
Score9/10-
Renames multiple (356) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-