General
-
Target
LB3.exe
-
Size
147KB
-
Sample
241224-tvaaka1pc1
-
MD5
67008d6538e43ec4ef57359f7ca4f15f
-
SHA1
65078b6e640146bde300af0a6d70b91f45244343
-
SHA256
cb43fff6739186bdf2af5d4f34624c020196616cdae86fb755bf3d250bbe9b12
-
SHA512
9a9e281dcf6a783cb69f6ab9703af716dd304883ad1a92a17bf4498745b563b2560e4624d839cc7577776d31e22f596d821a183c4c4ec350d7fa7a8f0e44db54
-
SSDEEP
3072:V6glyuxE4GsUPnliByocWepTN5GqoLVB5FHONF:V6gDBGpvEByocWeX/oZB7u/
Behavioral task
behavioral1
Sample
LB3.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
LB3.exe
Resource
win10v2004-20241007-en
Malware Config
Extracted
C:\IoBMyuygl.README.txt
https://tox.chat/download.html
Targets
-
-
Target
LB3.exe
-
Size
147KB
-
MD5
67008d6538e43ec4ef57359f7ca4f15f
-
SHA1
65078b6e640146bde300af0a6d70b91f45244343
-
SHA256
cb43fff6739186bdf2af5d4f34624c020196616cdae86fb755bf3d250bbe9b12
-
SHA512
9a9e281dcf6a783cb69f6ab9703af716dd304883ad1a92a17bf4498745b563b2560e4624d839cc7577776d31e22f596d821a183c4c4ec350d7fa7a8f0e44db54
-
SSDEEP
3072:V6glyuxE4GsUPnliByocWepTN5GqoLVB5FHONF:V6gDBGpvEByocWeX/oZB7u/
Score10/10-
Renames multiple (342) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1