Overview: score 10/10
Static: score 10/10

Analysis tasks (score per task):
Builds.7z (windows7-x64): 1/10
Builds.7z (windows10-2004-x64): 1/10
Builds/ESX...me.zip (windows7-x64): 1/10
Builds/ESX...me.zip (windows10-2004-x64): 1/10
Builds/LBB...ad.zip (windows7-x64): 1/10
Builds/LBB...ad.zip (windows10-2004-x64): 1/10
LBB_PS1.ps1 (windows7-x64): 5/10
LBB_PS1.ps1 (windows10-2004-x64): 9/10
LBB_PS1_ob...ed.ps1 (windows7-x64): 3/10
LBB_PS1_ob...ed.ps1 (windows10-2004-x64): 3/10
LBB_PS1_pass.ps1 (windows7-x64): 10/10
LBB_PS1_pass.ps1 (windows10-2004-x64): 10/10
LBB_Reflec...in.dll (windows7-x64): 9/10
LBB_Reflec...in.dll (windows10-2004-x64): 7/10
LBB_Rundll32.dll (windows7-x64): 3/10
LBB_Rundll32.dll (windows10-2004-x64): 3/10
LBB_Rundll32_pass.dll (windows7-x64): 10/10
LBB_Rundll32_pass.dll (windows10-2004-x64): 10/10
LBB_pass.exe (windows7-x64): 10/10
LBB_pass.exe (windows10-2004-x64): 10/10
Password_dll.txt (windows7-x64): 1/10
Password_dll.txt (windows10-2004-x64): 1/10
Password_exe.txt (windows7-x64): 1/10
Password_exe.txt (windows10-2004-x64): 1/10
Password_ps1.txt (windows7-x64): 1/10
Password_ps1.txt (windows10-2004-x64): 1/10
Builds/LBG...ok.zip (windows7-x64): 1/10
Builds/LBG...ok.zip (windows10-2004-x64): 1/10
FC8E43EC21...32.exe (windows7-x64): 7/10
FC8E43EC21...32.exe (windows10-2004-x64): 7/10
FC8E43EC21...64.exe (windows7-x64): 7/10
FC8E43EC21...64.exe (windows10-2004-x64): 7/10

General
Target: Builds.7z
Size: 1.8MB
Sample: 241219-2a2s3sskck
MD5: 484933f81970182e04f190efe2527da1
SHA1: 72f0810a0ab7f1398ba9f0b0916ee97115e79cc4
SHA256: 3968a850f5bc70d954bb5609d929f181a6f05a117fa3be4531cbd96cedfde5d6
SHA512: d9d5d96e13201de976d23783e077bb1f95af3946a44bd1347d637893e471eefed5d9b0de4a7d84d8d2040decf8cea4e3de83555b2424e58ebbc1c7eb4881e37a
SSDEEP: 49152:bor7D7eZFTWD/gjKZ4FhydMzOoSGSW7TeXY:UfeZFT48HSCilTWB
Behavioral tasks (sample, sandbox resource):
behavioral1: Builds.7z, win7-20241010-en
behavioral2: Builds.7z, win10v2004-20241007-en
behavioral3: Builds/ESXi_vx-_____________329D6F9DDBF138D4_19.12.24_i_love_anime.zip, win7-20241010-en
behavioral4: Builds/ESXi_vx-_____________329D6F9DDBF138D4_19.12.24_i_love_anime.zip, win10v2004-20241007-en
behavioral5: Builds/LBB_vx-_____________07AAB9B790E0235B_19.12.24_hacking_is_bad.zip, win7-20240903-en
behavioral6: Builds/LBB_vx-_____________07AAB9B790E0235B_19.12.24_hacking_is_bad.zip, win10v2004-20241007-en
behavioral7: LBB_PS1.ps1, win7-20240903-en
behavioral8: LBB_PS1.ps1, win10v2004-20241007-en
behavioral9: LBB_PS1_obfuscated.ps1, win7-20240903-en
behavioral10: LBB_PS1_obfuscated.ps1, win10v2004-20241007-en
behavioral11: LBB_PS1_pass.ps1, win7-20241023-en
behavioral12: LBB_PS1_pass.ps1, win10v2004-20241007-en
behavioral13: LBB_ReflectiveDll_DllMain.dll, win7-20240903-en
behavioral14: LBB_ReflectiveDll_DllMain.dll, win10v2004-20241007-en
behavioral15: LBB_Rundll32.dll, win7-20240903-en
behavioral16: LBB_Rundll32.dll, win10v2004-20241007-en
behavioral17: LBB_Rundll32_pass.dll, win7-20240903-en
behavioral18: LBB_Rundll32_pass.dll, win10v2004-20241007-en
behavioral19: LBB_pass.exe, win7-20240729-en
behavioral20: LBB_pass.exe, win10v2004-20241007-en
behavioral21: Password_dll.txt, win7-20240903-en
behavioral22: Password_dll.txt, win10v2004-20241007-en
behavioral23: Password_exe.txt, win7-20241010-en
behavioral24: Password_exe.txt, win10v2004-20241007-en
behavioral25: Password_ps1.txt, win7-20240903-en
behavioral26: Password_ps1.txt, win10v2004-20241007-en
behavioral27: Builds/LBG_vx-_____________FC8E43EC21BE9047_19.12.24_hacking_is_illegal_ok.zip, win7-20240903-en
behavioral28: Builds/LBG_vx-_____________FC8E43EC21BE9047_19.12.24_hacking_is_illegal_ok.zip, win10v2004-20241007-en
behavioral29: FC8E43EC21BE9047/lbg32.exe, win7-20240903-en
behavioral30: FC8E43EC21BE9047/lbg32.exe, win10v2004-20241007-en
behavioral31: FC8E43EC21BE9047/lbg64.exe, win7-20240903-en
behavioral32: FC8E43EC21BE9047/lbg64.exe, win10v2004-20241007-en
Malware Config
Targets

Target: Builds.7z
Size: 1.8MB
MD5: 484933f81970182e04f190efe2527da1
SHA1: 72f0810a0ab7f1398ba9f0b0916ee97115e79cc4
SHA256: 3968a850f5bc70d954bb5609d929f181a6f05a117fa3be4531cbd96cedfde5d6
SHA512: d9d5d96e13201de976d23783e077bb1f95af3946a44bd1347d637893e471eefed5d9b0de4a7d84d8d2040decf8cea4e3de83555b2424e58ebbc1c7eb4881e37a
SSDEEP: 49152:bor7D7eZFTWD/gjKZ4FhydMzOoSGSW7TeXY:UfeZFT48HSCilTWB
Score: 1/10

Target: Builds/ESXi_vx-_____________329D6F9DDBF138D4_19.12.24_i_love_anime.zip
Size: 90KB
MD5: f8601b88d1abfe52654dd0726a930f22
SHA1: cf327abab426f1112be9907fa58dae0989f5642e
SHA256: 7818967ae2af71f292edd68b9811129706c160240d89babceb6ebe4ae0ff17d5
SHA512: 2073e9697358767305c9c55a92d1335a7a20e0d03d2aea59d778038812100aba375e3d9d0367f2b50f24befa8e6cea559d6d86773902c00e3733f1b12a937f32
SSDEEP: 1536:5ZaSAisBv/LXkouNev8Ge9bwwzl/njrq8Du2nFSHMx6eXAjZc/RDeJ6E5:56Bb0LNlGAbBNjO8DuWSHMxnXAQM6y
Score: 1/10

Target: Builds/LBB_vx-_____________07AAB9B790E0235B_19.12.24_hacking_is_bad.zip
Size: 980KB
MD5: 5e299a2c0bab93ec974ad9ba8b9b72b5
SHA1: 74241018f5e7fda31c0124f2c640b5a8742d25b2
SHA256: 1336f6c265b29ef4c4c554cadd445dc095816e8b64a584f637dbc319c848346d
SHA512: c91b89e1c86411b018aba7a278db48a7a5c352d609764c3414b3f6322fb7aa00d2cdf520a5f67fa94ffbd39d8de97a3cf229c49f032358a7e3c4fa0f18d91160
SSDEEP: 24576:dH5RCutvjMFvwmg7/EUlsJm4vsTYXug+bk13GdSa:dH5RCuFOvwdDFlsJmUCYegYk13Gdr
Score: 1/10

Target: LBB_PS1.ps1
Size: 466KB
MD5: 17a7cd1ead2d35ed5d69c71d4fd7386d
SHA1: 734400d4444b88fe3848c80e3dba2ad9a5155c56
SHA256: 20dd91f589ea77b84c8ed0f67bce837d1f4d7688e56754e709d467db0bea03c9
SHA512: 7d5cd9b042229d1076a587b75594a002d379396d6ec889a8aee457a6a5a399130ae0a43fe0863adae23e32e46a7d17d4b55bfc2564cb17e579751161f6778828
SSDEEP: 1536:Kk0H/lFq+N1mfoRlNyjZk11iBQcIY1Y+qFMJFOgvZ/wpKDcalOGODPNTbJYj6CJI:VA
Score: 9/10
- Renames multiple (146) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: LBB_PS1_obfuscated.ps1
Size: 274B
MD5: a8e97fe5a7115e42759d67f7e4d88b0d
SHA1: 7a4dce9165f34ca44e79b06f3a07281f6cf08823
SHA256: d9e7a01521d956c5ef3e07153209be63da738eee98902050c06424292d7b1387
SHA512: 77126af7f207d4ab854e3293936c73591289ca97211823513941bdae60b9da48fc3b829e2819ef1230f86cb8761eab37f6dca61281b2dfc7209ce471af68422b
Score: 3/10

Target: LBB_PS1_pass.ps1
Size: 590KB
MD5: d96d2bcf13d55740f3bb64d45d2db94d
SHA1: 4ded4b1d4866a4adf534f5a4eb66386465fe3120
SHA256: 82d89a75d80e80e4be42c9eb79e401558c9fa3175648cd0c0467f2de1a07a908
SHA512: cb1fbe8f36630915796d864c5a044177ea4ad881281ec454f932232fff99ce0524fb63becd96581a23cfe12bc455d55b613aaa389aa0a68fac97748400f473bd
SSDEEP: 1536:Kk0H/lFq+N1mfoRlNyjZk11iBQcIY1Y+qFMJFOgvZ/wpKDcalOGODPNTbJYj6CJh:QA
Score: 10/10
- Lockbit family. Rule to detect Lockbit 3.0 ransomware Windows payload.

Target: LBB_ReflectiveDll_DllMain.dll
Size: 113KB
MD5: ab5bdca69285d4838af12117c910bfde
SHA1: 208060cf988f1702124504bae0c6a4addbeb6db3
SHA256: 5594fea724aa3a124b259e81999f20affecb2238f7e517c56c450a3a311ab2bd
SHA512: 33c8cb31dd142defcf52ddadaa540d86d8fdd586ad3f0f280d90c66279cf09229edde08efb9daac81383f65ba171b86344c4e5c6343b02270bfa92201e08f547
SSDEEP: 3072:+/fNzovq5EKHttru48dBVFktgraAyHXU:+/Gvq5EKH6zdrFPraA
Score: 9/10
- Renames multiple (196) files with added filename extension. This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings. Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Indicator Removal: File Deletion. Adversaries may delete files left behind by the actions of their intrusion activity.
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger

Target: LBB_Rundll32.dll
Size: 158KB
MD5: 0682f7cfceb51d4a6a213b9fe4159ad2
SHA1: 777833fdaf0c1e5d03dde300dba3947a9b65c656
SHA256: 00aa54bfab3963a2c006058e48cde42e299811f9b85acbc69406c5bfb331f789
SHA512: 72d79387ca0d9579d7a7bb7c6c729048bd1321fd07653cb7cbc9bedcc217fd18414b02b46f83843b3f90d0841fc61f24f0ef19700326d8a8aaf6366a00bc5113
SSDEEP: 3072:thKVNA/3U+Z15B5RPu+zYNkQA1Izqa26odDWtiSCC8lvdLW:thoyUyX5RPu+zY6+Wa26iDWsSCC8lvI
Score: 3/10

Target: LBB_Rundll32_pass.dll
Size: 154KB
MD5: b51e42d419218e70b0ae216c3ac57784
SHA1: f3023c627d1dce8d5ff4e6733af420df350fdda7
SHA256: a98fb2671ae63d179c1cf39d163a4b3dbf769c9951a0ebad5d4c76244752253e
SHA512: 96fa388526984f3976ddb5f5376af88200e3d85bc41754556f9b00be32c81332d52aeb5b1e0387ce83be220f34199a88379aa9c90f679eb17ac10f9cf8714f37
SSDEEP: 3072:sUM/b6nriEhhyj26gWNOm18JcdwgqYUkSvVDjogUliww56T9tEtc:sUsmr7yX3Um18JcdwgqYUkCRjorqGTP
Score: 10/10
- Lockbit family. Rule to detect Lockbit 3.0 ransomware Windows payload.

Target: LBB_pass.exe
Size: 156KB
MD5: 0e38243dcb91851f0646140a16d6832d
SHA1: d5a11399206c54ef1bd11945a5f6a0d721c4a6c9
SHA256: 635e9ca3baae7e32225f05d16159e339a297a4c1b749e5a8e81ffc8df3c5c37c
SHA512: 8198cf16b815c697e94b8b19b7555191189d6eba2e0bc2b5690277244dcf7da74907d95d8a10bb9bf43a23ae94e5fb57d062c00f947fe8558c9ef633bb066b0e
SSDEEP: 3072:iMvRBMY5u+t3YSs1C439/FgfDcTDnHNszfp0QoHkIgep3i8Skb4wE4Ab:ikBS+5YSsdLTH6zfQEupRUb
Score: 10/10
- Lockbit family. Rule to detect Lockbit 3.0 ransomware Windows payload.

Target: Password_dll.txt
Size: 1KB
MD5: 90d07bc0f8a025f2ca071ceda59dc9e0
SHA1: 28da80a9333fe780414e7e0368998a2408d477e4
SHA256: def3ca6cba392323badcce705c2a84db290b6202c993ca72f212e135339c3f52
SHA512: 778ea930fc0e00d8fd5b4549034dc9ed0abee67435a057962ed69524aa715a956a7620dcdaf0e3e0a32467214fb411548fe44ccd17ada9ae1eafae79ac71b89d
Score: 1/10

Target: Password_exe.txt
Size: 2KB
MD5: 903c40280e90374e014fc11eb95d519c
SHA1: 234d6419aa259977594982cac94f695999b0e66a
SHA256: c209135916377b1cabde1fe0f772078dd28eb255217ee8051759867ce2571bd8
SHA512: 377a5943198d2fdc3a7015a2d87338fc2ba3cabdf4f69ce2a13617894cd3ed19d6205e3bea97ac63279f5742dcce5a52e0feedcedcfd07e12a170336dd49407f
Score: 1/10

Target: Password_ps1.txt
Size: 1KB
MD5: e931c9344b1923f85b1290db7c3d63ff
SHA1: bc88433836de3dbc030370a382811fedc8f555c2
SHA256: fc44ae36e72db6c552ddbd7c4018fec472040c14d8026ecc265e934f198d6a3d
SHA512: b9be027a71f848c46326afe127ed6b1bab7585c41b6c338193cc8ddbe3b8ef77a899896dd8b6c27fc4e33cb460181daf76fb411903100e26d290b23984936125
Score: 1/10

Target: Builds/LBG_vx-_____________FC8E43EC21BE9047_19.12.24_hacking_is_illegal_ok.zip
Size: 104KB
MD5: be56768da1843725c5e270aea1faabc0
SHA1: 63573f687f70711a4a7f91c308e7edea95d8d767
SHA256: b988dfd6339f208ff78a417e52e46c33f6c829529c84acb32f9a992816c12a41
SHA512: a4b5d01245e1b17545ba4540f5239cf3ee412115116721e30f190234c8e38cca734dca89c17272e2ff1548a2f357e3be52c2e8713432a5e2a448539e04fd16bb
SSDEEP: 3072:kV08Ti7c5bOIT1heswd4hJKFwkWq1XODuH1SmOA:kV5Ti73ITdY4hJKqkdODoAA
Score: 1/10

Target: FC8E43EC21BE9047/lbg32.exe
Size: 60KB
MD5: c5cc3c5cef6b382568a54f579b2965ff
SHA1: e85b5bf2fd1ea0d5d71841f2cc8d46fc2055c22b
SHA256: 48e2033a286775c3419bea8702a717de0b2aaf1e737ef0e6b3bf31ef6ae00eb5
SHA512: 74d93ba3dc7b3fdfafe30663162dad3fee0b278d12fea527eb535b4eb25979dcc365b49cb702ac9c2addbb0ee550310759e88c2657b61a2b0e4906d4099281eb
SSDEEP: 1536:SAndsqiqdYMRgIaN04k27Gtdf/3U9s1iGbQTqL9:Fds3vIaN04kKGhjmq
Score: 7/10
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Deletes itself
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

Target: FC8E43EC21BE9047/lbg64.exe
Size: 49KB
MD5: 8ff61e4156c10b085e0c2233f24e8501
SHA1: 69d50a8efd73c619aa36113ec04368db83d9b331
SHA256: 3552dda80bd6875c1ed1273ca7562c9ace3de2f757266dae70f60bf204089a4a
SHA512: dbde74b89d498d708215ddfdc9a2a38cb27be931c9fe2d5965aba3c31482a0efbe39913ed17eabe5eae3b5efc9cb369589784e7d9ce5b2e89505c10406038249
SSDEEP: 768:9pZt6fz03gUYxTSGCoTrxTjA+xqCkEiAOPZAzEZoo6Czcit6OjeB6:jpQRNSGCo64OxAgZUCcicvB6
Score: 7/10
- Credentials from Password Stores: Windows Credential Manager. Suspicious access to Credentials History.
- Deletes itself
- Drops startup file
- Enumerates connected drives. Attempts to read the root path of hard drives other than the default C: drive.

MITRE ATT&CK Enterprise v15
Credential Access
- Credentials from Password Stores (2)
  - Credentials from Web Browsers (1)
  - Windows Credential Manager (1)
- Unsecured Credentials (1)
  - Credentials In Files (1)