General

  • Target

    2024-11-27_12ee1481a91f84a0bc71b45aa00844b0_darkside

  • Size

    156KB

  • Sample

    241127-cwl73synbp

  • MD5

    12ee1481a91f84a0bc71b45aa00844b0

  • SHA1

    309d2273d6875c14acb8976c429e022d9ed5a6ee

  • SHA256

    421f922658b985855a580ad3d6736c55817d252a9d6104c944786f7aae393b6b

  • SHA512

    e3293bc77e8177f7abc3a8b51ce05c20941735f9f3c9902201c8f7907529a25d3e1654704b7163324a6ed3b8604e6002ddcc7aa79ef2a8ec609ea548d160075a

  • SSDEEP

    3072:+DDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368JmSLTFh1zgH3/W:I5d/zugZqll30SD1gH3

Malware Config

Targets

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks