Overview

overview

10

Static

static

3

48116c6b90...37.exe

windows10-ltsc 2021-x64

10

Resubmissions

29-12-2024 13:04

241229-qay7easkhp 10

29-12-2024 04:36

241229-e8kwwsspht 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    JaffaCakes118_eb1244dffe50caf97e072c606d10f08f2ba6b712adba772cf62c6b9708f1d2f6

  • Size

    385KB

  • Sample

    241229-qay7easkhp

  • MD5

    d4ee27ec7197c75692df01f96010c78d

  • SHA1

    a3b9920fa47321ddf554d45e4ad871a548a96a9b

  • SHA256

    eb1244dffe50caf97e072c606d10f08f2ba6b712adba772cf62c6b9708f1d2f6

  • SHA512

    02daf9675793da4a48c3769f0eaa90093449b8550ca928d49f19ac18a34244fcd97a91359f4ef3b8dac643c4230e272351f30a76d1bdc3ef00651b85d2761006

  • SSDEEP

    12288:hj05WOwvDmvtoLh70tbaisl0+Em7kP0mOSfLChX7VGGIY:25W9DStcAtd60Yk6U43H

Score
10/10
lockbitdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomware

Malware Config

Extracted

Path

C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.27\Restore-My-Files.txt

Ransom Note
LockBit 2.0 Ransomware Your data are stolen and encrypted The data will be published on TOR website http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion and https://bigblog.at if you do not pay the ransom You can contact us and decrypt one file for free on these TOR sites http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion OR https://decoding.at Decryption ID: C9429E1B932B36E888604C33D7CA4A48
URLs

http://lockbitapt6vx57t3eeqjofwgcglmutr3a35nygvokja5uuccip4ykyd.onion

https://bigblog.at

http://lockbitsup4yezcd5enk5unncx3zcy7kw6wllyqmiyhvanjj352jayid.onion

http://lockbitsap2oaqhcun3syvbqt6n5nzt7fqosc6jdlmsfleu3ka4k2did.onion

https://decoding.at

Extracted

Path

C:\Users\Admin\Desktop\LockBit_Ransomware.hta

Ransom Note
<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="x-ua-compatible" content="ie=9" /><title>LockBit</title><hta:application id=LockBit applicationName=LockBit selection=no scroll=no contextmenu=no innerBorder=no windowState=maximize minimizeButton=no singleInstance=yes sysMenu=no /><meta name="viewport" content="width=device-width, initial-scale=1.0" /><style>html{font-size:100%}body{position:relative;border:0;font-family:Arial;padding:1% 0 0;margin:0;width:100vw;height:100vh;overflow:hidden}*{font-size:1rem}.g1{content:"";position:absolute;left:0;top:50%;transform:translateY(-50%);height:368px;width:150px;z-index:-1}.g2{z-index:-1;content:"";position:absolute;right:0;top:50%;transform:translateY(-50%);height:368px;width:150px}.container{width:90%;margin:auto}.container img{max-width:100%}.ht{margin-bottom:1%;position:relative;padding-left:16px;font-weight:900;font-size:1rem;line-height:100%;letter-spacing:.05em;text-transform:uppercase;color:#dedede}.hb{margin-bottom:1%}.hb img{width:850px;max-width:100%}.hi{margin-bottom:1rem;background:#fcfcfd;border:1px dashed #f71b3a;box-sizing:border-box;border-radius:4px;padding:1rem 3rem;width:100%}.hit{margin-bottom:1%;font-weight:700;font-size:.9rem;line-height:100%;color:#222}.hib{font-weight:700;font-size:.9rem;line-height:100%;color:#f71b3a}.main-p{font-weight:700;font-size:1rem;line-height:125%;color:#333160}.mn{position:absolute;width:5%;height:276px;top:3rem}.mn img{max-width:90%}.ml1{position:absolute;width:50%;height:10rem;left:0;top:0;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2%}.ml2{position:absolute;width:50%;height:13rem;left:0;top:11rem;background:#f3f3fc;border:1px solid #cfd3da;box-sizing:border-box;padding:2%}.mr3{position:absolute;padding:2%;width:48%;height:24rem;left:52%;top:0;background:#ffdfdf;border:1px solid #ffa5aa;box-sizing:border-box;border-radius:4px;font-size:15px;line-height:130%}.mlb{font-size:.8rem;line-height:1.2;color:#8988a4;margin-top:2%;margin-bottom:2%}.mlb img{max-width:14px}.sp1{left:0;top:50%;position:absolute;display:block;width:6px;height:6px;background:#f71b3a;transform:translateY(-50%) rotate(135deg)}.mll{font-size:.9rem;line-height:1.2;color:#333160;margin-bottom:2%;position:relative;padding-left:20px}.mll a{font-size:.8rem}.mlt{margin-bottom:15px;font-weight:700;font-size:.9rem;line-height:1.2;color:#333160}.mlt img{max-width:14px;position:relative}.mrli{font-size:.9rem;line-height:1.2;margin-bottom:2%;position:relative;padding-left:25px;color:#222}.mrli a{font-size:.9rem}</style><script type="text/javascript">function o(c){var d=new ActiveXObject("WScript.Shell");d.run(c.href)};</script></head><body bgcolor="#F8F8F8" text="buttontext"><img class="g1" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXw8PDv7+81SmF7AAAAAXRSTlMBN+Ho8AAAAWpJREFUeAHt1slxBCEMhWFRs3AkhA7BIRAahEYIDoEQOM5CIfvOX2V5nwWOX+8t6RWirzIt1QamGayDaQY7gSlZBTuBKVkBO4ENMM1gFayBdTAly2AV7ATWwQaYZrACVsFOYB1sgClZBitgDewE1sGG0ZSsGK2CNbATWP/YDC/t6K9uYDsqe4Kyb/Pflx0Y9mUEC9CrHnrVgeHgRLANhimA+fkniAPDaU9gERJgI4PoCWAe0mMH5sAgytgSWIQMJdvIIC6D0TwZFGRnNEcGhSOT71iai/4ti39mJyim9bxly27TdFpkFayBnYzWly1btuxH7AVMElgAc2CSwCJYAPNgDkzIElgE24wWwLzRdkZzRpPvWFom+rPmjLYzmjda+EY/R7AEZpxBDxZuyPyN2+7Gzd2hya1buiFTmzmwHZgHiw+8l1q27PTD1r5h1WjFaBlMZhtG62AnsAZWwDKYzNbBGliZbchs9Z3eAJcyeuremDsyAAAAAElFTkSuQmCC" /><img class="g2" src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAJYAAAFwAQMAAABgpRCKAAAABlBMVEXv7+/w8PB6KHGJAAAAAnRSTlP/AZKwANwAAAGJSURBVHgB7dSHbQMhFMbxh1xQZwQWyA6MdozGCBmBEVB3QRApF3wk77P80l34q/+uH4Xqx56JWSRmO+LmuSXi5rll4haBEbcMLAEL3Apx2wFLwAIw4paB7YBFYAEYcSvAdsASsAjMAyNuBVgGtgMWheaBEbcitJ3QErAILADzwEhmBVheQGfig9ssncgCqyeLjfRioZkFVhfzb7QCZjrrbtesNJu4qbpYbo8AZjrbtUcAc52l9lhuqnYWZ1sB072F2Qww25ufzV2y9nrAKjfVW5ltJTTdW57NCM32tjtv7pKl2SahVZmpdxY/ZasvWXg1/cNmftX82fMsOg+YvVobNmxHvAgsAPPQ/rPRaDR64qQzN8dNVW4amAXmgE3cVOW2AqaBGaFZYA7YJLQqMyW01TdMQxu2+oYpoZHUJqE5YFZoBpgGtgJGyCZg7opsunKr123qBm115aavyFZCU9/ZDwywW2k08j9s4RsWhZaEtgOWgRWhVWQeWACWgO2AZWAVWQCWgBVg7MQX+2SwUiS8JcwAAAAASUVORK5CYII=" /><div class="container" style=""><div style="text-align:center;margin-bottom:15px"><img alt="" src="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iMTQ2IiBoZWlnaHQ9IjIwIiB2aWV3Qm94PSIwIDAgMTQ2IDIwIiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cGF0aCBmaWxsLXJ1bGU9ImV2ZW5vZGQiIGNsaXAtcnVsZT0iZXZlbm9kZCIgZD0iTTIxLjgzOTUgMTkuNTU3NUMyMy45NDE2IDE5LjA0MTIgMjYgMTcuODE3OCAyNiAxNC41MjExQzI2IDExLjY0NTYgMjUuMTMzNCAxMC4wNjQxIDIzLjk3NzggMTAuMDY0MUMyNS4xMzM0IDEwLjA2NDEgMjYgOC4zMzg4NCAyNiA1LjQ2MzM4QzI2IDMuODgxODcgMjUuMjc3OCAwIDE4Ljc3NzkgMEgxMi4wNDk0TDguNzI3MTEgMy4zMDY3N0gxMi41MDY3TDE0LjU1OSAxLjI2Mzk3TDE0LjYzMTQgMS4xOTIwMUgxNC43MzM2SDE3LjA0NDZIMTkuMjExNEMyMC4wMzk0IDEuMTkyMDEgMjEuMzQ5MyAxLjQxNDcxIDIyLjQ2MDkgMi4wNzEwNkMyMy41ODQgMi43MzQyNiAyNC41MTM2IDMuODQ4OTUgMjQuNTEzNiA1LjYwNzEzQzI0LjUxMzYgNy41NDA3MyAyMy44MzU2IDguNzA2NjUgMjIuNzkzMSA5LjM3MjMxQzIyLjMyMDUgOS42NzQxMiAyMS43ODIyIDkuODY2NjYgMjEuMjE3NiA5Ljk4NjM4QzIxLjc5MTMgMTAuMTcwNiAyMi4zMzMyIDEwLjQzNjMgMjIuODA2MSAxMC43ODI4QzIzLjgxNzggMTEuNTIzNyAyNC41MTM2IDEyLjYzNTggMjQuNTEzNiAxNC4wODk3QzI0LjUxMzYgMTUuMzUzMSAyNC4xNzcyIDE2LjUwNDcgMjMuMzE5OSAxNy4zMzg2QzIyLjcyMzIgMTcuOTE5MSAyMS44OTM4IDE4LjMyNjQgMjAuNzk3NyAxOC41MjA0TDIxLjgzOTUgMTkuNTU3NVpNMTIuMTM3NiA5LjkwMDQyTDEwLjU2ODcgOC4zMzg4NEgxNy44MjNMMTYuMjU0MSA5LjkwMDQySDEyLjEzNzZaTTEzLjg5MDkgMTEuNjQ1NkwxMi40NjY3IDEwLjIyOEgxNi4zMjIySDE2LjM5MDVMMTYuNDM4NyAxMC4xOEwxOC4yODg0IDguMzM4ODRIMTkuMzU1N0MyMS41MjIyIDguMzM4ODQgMjIuMzg5IDcuMDQ0ODggMjIuMzg5IDUuNzUwOTJDMjIuMzg5IDQuMzEzMTkgMjEuODExMiAzLjMwNjc3IDE5LjM1NTcgMy4zMDY3N0gxMy4yMDQ5TDE0LjgzNTggMS42ODMzOUgxNy4wNDQ2SDE5LjIxMTRDMTkuOTcyMSAxLjY4MzM5IDIxLjE5IDEuODkyMDIgMjIuMjA4OSAyLjQ5MzY4QzIzLjIxNjQgMy4wODg0OCAyNC4wMTk5IDQuMDU4NTIgMjQuMDE5OSA1LjYwNzEzQzI0LjAxOTkgNy40MTE2MSAyMy4zOTggOC40MDIyOSAyMi41MjY1IDguOTU4NzJDMjEuNjMyNSA5LjUyOTU5IDIwLjQzMDEgOS42NzQ2MyAxOS4yMTE0IDkuNjc0NjNWMTAuMTY2QzIwLjM5NDcgMTAuMTY2IDIxLjYwNTMgMTAuNTEzMyAyMi41MTM1IDExLjE3ODVDMjMuNDE1OCAxMS44MzkzIDI0LjAxOTkgMTIuODExOSAyNC4wMTk5IDE0LjA4OTdDMjQuMDE5OSAxNS4yNzA2IDIzLjcwNjQgMTYuMjc1NSAyMi45NzQ4IDE2Ljk4NzJDMjIuNDA4NCAxNy41MzgxIDIxLjU2NzMgMTcuOTM2OCAyMC4zNjQ0IDE4LjA4OTFMMTguOTQ2NCAxNi42Nzc3SDE5LjM1NTdDMjEuMjMzNCAxNi42Nzc3IDIyLjM4OSAxNS4yMzk5IDIyLjM4OSAxNC4wODk4QzIyLjM4OSAxMi45Mzk2IDIxLjgxMTIgMTEuNjQ1NiAxOS4zNTU3IDExLjY0NTZIMTMuODkwOVpNNS41MTMxNSAzLjMwNjc3TDMuODgyMjMgMS42ODMzOUg2LjIxMTUzSDYuMzEzNzJMNi4zODU5NiAxLjYxMTQzTDguMDA0ODcgMEgxMS4zNTExTDguMDI5MDcgMy4zMDY3N0g1LjUxMzE1Wk0xLjk4MDYxIDMuNDk2NzZMMy4zNDgyNCA0Ljg1ODA1VjkuMTE2MDdMMCAxMi40NDg3VjguMjU1MzdMMS45MDgyIDYuMzU1OTVMMS45ODA2MSA2LjI4Mzk5VjYuMTgyMjFWMy40OTY3NlpNMy4zODg1NiAxLjE5MjAxSDYuMTA5MThMNy4zMDY4MiAwSDMuMzQ4MjRIMi4xOTEwOEwzLjM4ODU2IDEuMTkyMDFaTTAuMDAwMzI4OTMzIDBIMFYwLjAwMDI2MTAyMUwwLjAwMDMyODkzMyAwWk0wIDEuNTI1MzdMMS40ODY5NCAzLjAwNTM3VjYuMDgwNDRMMCA3LjU2MDQ1VjEuNTI1MzdaTTE1LjIwODcgMTYuNjYzNkwxOC41NTY5IDE5Ljk5NjFDMTguMzQ0MiAyMC4wMDIyIDE4LjA2NzIgMjAuMDAwMiAxNy44MzA3IDE5Ljk5NjNIMTUuMzgzNEwxMi4wMzUyIDE2LjY2MzZIMTUuMjA4N1pNMCAxMy4xNDM3VjE5Ljk5NlYxOS45OTYzSDEwLjM1Mkw4Ljk5ODE0IDE4LjY0ODZIMS43MzM3N0gxLjQ4Njk0VjE4LjQwMjlWMTYuMTAyNlYxNi4wMDA4TDEuNTU5MTggMTUuOTI4OEwzLjM0ODI0IDE0LjE0ODFWOS44MTA5OEwwIDEzLjE0MzdaTTMuMzQ4MjQgMTQuODQzTDEuOTgwNjEgMTYuMjA0M1YxOC4xNTcySDkuMTAwMzNIOS4yMDI1Mkw5LjI3NDkzIDE4LjIyOTFMMTEuMDUwMiAxOS45OTYzSDE0LjY4NTJMMTEuMzM3IDE2LjY2MzZIMy4zNDgyNFYxNC44NDNaIiBmaWxsPSIjRjcxQjNBIi8+CjxwYXRoIGQ9Ik0xNDYgMkg4NVYxOEgxNDZWMloiIGZpbGw9IiNGNzFCM0EiLz4KPHBhdGggZD0iTTM1IDMuNjAxMDVIMzcuOTE2N1YxMy43OTEySDQxLjgzNzJWMTYuMjU4MUgzNVYzLjYwMTA1Wk01MC41MjU4IDMuMzE2NDFDNTIuNTIwNyAzLjMxNjQxIDU0LjE0OTUgMy45Mjk4OSA1NS40MTIyIDUuMTU3MDlDNTYuNzI1NCA2LjQzNDc0IDU3LjM4MTggOC4wMjg3MyA1Ny4zODE4IDkuOTM5MDZDNTcuMzgxOCAxMS44MjM5IDU2LjcyNTQgMTMuNDA1NCA1NS40MTIyIDE0LjY4MzFDNTQuMTM2OSAxNS45MjI4IDUyLjUwODEgMTYuNTQyNyA1MC41MjU4IDE2LjU0MjdDNDguNTMwOCAxNi41NDI3IDQ2Ljg4OTQgMTUuOTIyOCA0NS42MDE1IDE0LjY4MzFDNDQuOTgyOCAxNC4xMDExIDQ0LjQ5NjcgMTMuNDA1NCA0NC4xNDMyIDEyLjU5NTdDNDMuODAyMyAxMS43NzM1IDQzLjYzMTggMTAuOTAwNiA0My42MzE4IDkuOTc3MDJDNDMuNjMxOCA5LjA5MTM5IDQzLjgwODYgOC4yMTg0OSA0NC4xNjIxIDcuMzU4MzFDNDQuNTI4MyA2LjQ4NTQxIDQ1LjAwMTggNS43NTgwNyA0NS41ODI2IDUuMTc2MDZDNDYuODIgMy45MzYzNyA0OC40Njc3IDMuMzE2NDEgNTAuNTI1OCAzLjMxNjQxWk01MC41MDY5IDYuMDExMDFDNDkuMzgzMSA2LjAxMTAxIDQ4LjQ2MTQgNi4zNzE1NiA0Ny43NDE3IDcuMDkyNjVDNDYuOTk2NyA3LjgxMzc0IDQ2LjYyNDMgOC43Njg4IDQ2LjYyNDMgOS45NTgwNEM0Ni42MjQzIDExLjA5NjYgNDcuMDA5NCAxMi4wNDU0IDQ3Ljc3OTYgMTIuODA0NUM0OC41MTE5IDEzLjUwMDMgNDkuNDE0NyAxMy44NDgxIDUwLjQ4NzkgMTMuODQ4MUM1MS42MzY5IDEzLjg0ODEgNTIuNTcxMyAxMy40ODc2IDUzLjI5MSAxMi43NjY1QzU0LjAyMzMgMTIuMDU4MSA1NC4zODk0IDExLjExNTYgNTQuMzg5NCA5LjkzOTA2QzU0LjM4OTQgOC43NzUyNyA1NC4wMjMzIDcuODI2NDcgNTMuMjkxIDcuMDkyNjVDNTIuNTQ2IDYuMzcxNTYgNTEuNjE4IDYuMDExMDEgNTAuNTA2OSA2LjAxMTAxWk02OS44MTcgMTIuNTAwOFYxNS44NTk2QzY4LjkyMDYgMTYuMzE1IDY3Ljk5MjYgMTYuNTQyNyA2Ny4wMzI5IDE2LjU0MjdDNjQuOTc0OCAxNi41NDI3IDYzLjMyMDggMTUuOTI5MyA2Mi4wNzA4IDE0LjcwMjFDNjAuNzU3NyAxMy40MjQ0IDYwLjEwMTEgMTEuODIzOSA2MC4xMDExIDkuOTAxMTFDNjAuMTAxMSA4LjAwMzUgNjAuNzU3NyA2LjQxNTc2IDYyLjA3MDggNS4xMzgxMUM2My4zMjA4IDMuOTIzNjQgNjQuODkyOCAzLjMxNjQxIDY2Ljc4NjcgMy4zMTY0MUM2Ny43MjEgMy4zMTY0MSA2OC43MzEyIDMuNTUwMzcgNjkuODE3IDQuMDE4NTJWNy4zOTYyNkM2OC45NzEgNi40OTgxNCA2Ny45ODYxIDYuMDQ4OTYgNjYuODYyNSA2LjA0ODk2QzY1LjgyNyA2LjA0ODk2IDY0Ljk2ODUgNi4zNzc4MSA2NC4yODY3IDcuMDM1NzJDNjMuNDkxMiA3LjgwNzQ5IDYzLjA5MzUgOC43ODE1MiA2My4wOTM1IDkuOTU4MDRDNjMuMDkzNSAxMS4xMDkzIDYzLjQ1OTYgMTIuMDM5MiA2NC4xOTIgMTIuNzQ3NUM2NC44OTkgMTMuNDU1OSA2NS44MDgxIDEzLjgxMDIgNjYuOTE5MyAxMy44MTAyQzY3Ljk2NzIgMTMuODEwMiA2OC45MzMxIDEzLjM3MzcgNjkuODE3IDEyLjUwMDhaTTc2LjIwODUgMy42MDEwNVY4Ljg3NjRMODAuNTI2NyAzLjYwMTA1SDg0LjA4NzRMNzguOTczNyA5LjU5NzQ5TDg0LjQ4NTEgMTYuMjU4MUg4MC43MzUxTDc2LjIwODUgMTAuNjQxMlYxNi4yNTgxSDczLjI5MTlWMy42MDEwNUg3Ni4yMDg1WiIgZmlsbD0iIzIyMjIyMiIvPgo8cGF0aCBkPSJNODcuMTE3MiAzLjYwMTU2SDkwLjk4MDhDOTIuNDQ1NCAzLjYwMTU2IDkzLjUxODcgMy45MjQxNiA5NC4yMDA2IDQuNTY5MzRDOTQuODA2NiA1LjE1MTM1IDk1LjEwOTcgNS45NDgzNSA5NS4xMDk3IDYuOTYwMzNDOTUuMTA5NyA3LjU5Mjc5IDk0Ljk3MDggOC4xMzA2IDk0LjY5MyA4LjU3MzNDOTQuNDQwNSA4Ljk5MDc3IDk0LjA4NjkgOS4zMDA2NCA5My42MzI0IDkuNTAzMTNDOTQuMzM5NCA5LjYxNjk4IDk0LjkyMDMgOS45MDE2MyA5NS4zNzQ4IDEwLjM1NzFDOTUuOTE3OCAxMC45MDExIDk2LjE4OTIgMTEuNjUzNyA5Ni4xODkyIDEyLjYxNTJDOTYuMTg5MiAxMy42NjUxIDk1Ljg2MSAxNC41MTkxIDk1LjIwNDQgMTUuMTc3Qzk0LjQ1OTUgMTUuODk4MSA5My4zNDgzIDE2LjI1ODYgOTEuODcxIDE2LjI1ODZIODcuMTE3MlYzLjYwMTU2Wk04OS45OTYgNS44Nzg3VjguNzQ0MDhIOTAuNDY5NUM5MS4xMjYxIDguNzQ0MDggOTEuNjE4NiA4LjYyMzk4IDkxLjk0NjggOC4zODM1NEM5Mi4yODc3IDguMTQzMSA5Mi40NTgxIDcuNzcwMDUgOTIuNDU4MSA3LjI2Mzk1QzkyLjQ1ODEgNi44MDg1MiA5Mi4yOTM5IDYuNDU0MjMgOTEuOTY1NyA2LjIwMTI5QzkxLjY4NzggNS45ODYzIDkxLjE4MjkgNS44Nzg3IDkwLjQ1MDUgNS44Nzg3SDg5Ljk5NlpNODkuOTk2IDEwLjkwNzRWMTMuOTgxNUg5MC42OTY4QzkxLjc3MDEgMTMuOTgxNSA5Mi40ODk4IDEzLjgxMDcgOTIuODU1OSAxMy40NjkxQzkzLjEzMzcgMTMuMjE2MiA5My4yNzI1IDEyLjg2MTkgOTMuMjcyNSAxMi40MDY1QzkzLjI3MjUgMTEuOTYzOCA5My4xNCAxMS42MjIyIDkyLjg3NDggMTEuMzgxOEM5Mi41MzM5IDExLjA2NTQgOTEuODM5NCAxMC45MDc0IDkwLjc5MTUgMTAuOTA3NEg4OS45OTZaTTk5LjU1NTggMy42MDE1NkgxMDIuNDcyVjE2LjI1ODZIOTkuNTU1OFYzLjYwMTU2Wk0xMTMuNjAyIDYuMDY4NDVIMTEwLjg1NlYxNi4yNTg2SDEwNy45MzlWNi4wNjg0NUgxMDUuMTkzVjMuNjAxNTZIMTEzLjYwMlY2LjA2ODQ1WiIgZmlsbD0id2hpdGUiLz4KPHBhdGggZD0iTTEyNi4xNDYgMTMuNTNWMTZIMTE2LjQ1NkwxMjAuMjU2IDExLjg1OEMxMjEuMTgxIDEwLjgxOTMgMTIxLjg3MSA5Ljk1OCAxMjIuMzI3IDkuMjc0QzEyMi44MzQgOC40NjMzMyAxMjMuMDg3IDcuNzQ3NjcgMTIzLjA4NyA3LjEyN0MxMjMuMDg3IDYuNTk1IDEyMi45MjIgNi4xNzcgMTIyLjU5MyA1Ljg3M0MxMjIuMzI3IDUuNjMyMzMgMTIxLjk0MSA1LjUxMiAxMjEuNDM0IDUuNTEyQzEyMC45NCA1LjUxMiAxMjAuNTU0IDUuNjY0IDEyMC4yNzUgNS45NjhDMTE5LjkyIDYuMzYwNjcgMTE5Ljc0MyA2Ljg4IDExOS43NDMgNy41MjZIMTE2LjgxN0MxMTYuOTMxIDYuMjA4NjcgMTE3LjM2OCA1LjE1MSAxMTguMTI4IDQuMzUzQzExOC45NTEgMy40NzkgMTIwLjExNyAzLjA0MiAxMjEuNjI0IDMuMDQyQzEyMi45NzkgMy4wNDIgMTI0LjA3NSAzLjQ0MSAxMjQuOTExIDQuMjM5QzEyNS42OTYgNS4wMjQzMyAxMjYuMDg5IDYuMDM3NjcgMTI2LjA4OSA3LjI3OUMxMjYuMDg5IDguMjU0MzMgMTI1Ljc3MiA5LjE4NTMzIDEyNS4xMzkgMTAuMDcyQzEyNC43NTkgMTAuNjA0IDEyNC4wODEgMTEuMzMyMyAxMjMuMTA2IDEyLjI1N0wxMjEuNzc2IDEzLjUzSDEyNi4xNDZaTTEyNy44NDkgMTUuODFDMTI3LjUxOSAxNS40NjggMTI3LjM1NSAxNS4wNTYzIDEyNy4zNTUgMTQuNTc1QzEyNy4zNTUgMTQuMDkzNyAxMjcuNTE5IDEzLjY4ODMgMTI3Ljg0OSAxMy4zNTlDMTI4LjE5MSAxMy4wMTcgMTI4LjYwMiAxMi44NDYgMTI5LjA4NCAxMi44NDZDMTI5LjU2NSAxMi44NDYgMTI5Ljk3IDEzLjAxNyAxMzAuMyAxMy4zNTlDMTMwLjY0MiAxMy42ODgzIDEzMC44MTMgMTQuMDkzNyAxMzAuODEzIDE0LjU3NUMxMzAuODEzIDE1LjA1NjMgMTMwLjY0MiAxNS40NjggMTMwLjMgMTUuODFDMTI5Ljk3IDE2LjEzOTMgMTI5LjU2NSAxNi4zMDQgMTI5LjA4NCAxNi4zMDRDMTI4LjYwMiAxNi4zMDQgMTI4LjE5MSAxNi4xMzkzIDEyNy44NDkgMTUuODFaTTE0MS42ODcgOS42NzNDMTQxLjY4NyAxMi4wMDM3IDE0MS4wNzkgMTMuNzcwNyAxMzkuODYzIDE0Ljk3NEMxMzguOTYzIDE1Ljg0OCAxMzcuODMgMTYuMjg1IDEzNi40NjIgMTYuMjg1QzEzNS4xMTkgMTYuMjg1IDEzMy45OTggMTUuODQ4IDEzMy4wOTkgMTQuOTc0QzEzMS44ODMgMTMuNzcwNyAxMzEuMjc1IDEyLjAwMzcgMTMxLjI3NSA5LjY3M0MxMzEuMjc1IDcuMzA0MzMgMTMxLjg4MyA1LjUzMSAxMzMuMDk5IDQuMzUzQzEzMy45OTggMy40NzkgMTM1LjExOSAzLjA0MiAxMzYuNDYyIDMuMDQyQzEzNy44MyAzLjA0MiAxMzguOTYzIDMuNDc5IDEzOS44NjMgNC4zNTNDMTQxLjA3OSA1LjUzMSAxNDEuNjg3IDcuMzA0MzMgMTQxLjY4NyA5LjY3M1pNMTM3LjY1OSA2LjAyNUMxMzcuMzI5IDUuNzA4MzMgMTM2LjkzNyA1LjU1IDEzNi40ODEgNS41NUMxMzYuMDI1IDUuNTUgMTM1LjYzMiA1LjcwODMzIDEzNS4zMDMgNi4wMjVDMTM0LjU5MyA2LjcyMTY3IDEzNC4yMzkgNy45MzEzMyAxMzQuMjM5IDkuNjU0QzEzNC4yMzkgMTEuMzg5MyAxMzQuNTkzIDEyLjYwNTMgMTM1LjMwMyAxMy4zMDJDMTM1LjYzMiAxMy42MTg3IDEzNi4wMjUgMTMuNzc3IDEzNi40ODEgMTMuNzc3QzEzNi45MzcgMTMuNzc3IDEzNy4zMjkgMTMuNjE4NyAxMzcuNjU5IDEzLjMwMkMxMzguMzY4IDEyLjYwNTMgMTM4LjcyMyAxMS4zODkzIDEzOC43MjMgOS42NTRDMTM4LjcyMyA3LjkzMTMzIDEzOC4zNjggNi43MjE2NyAxMzcuNjU5IDYuMDI1WiIgZmlsbD0id2hpdGUiLz4KPC9zdmc+Cg==" /></div><div class="hb" style="text-align:center"><img alt="" src="data:image/svg+xml;base64,PHN2ZyB3aWR0aD0iNTc5IiBoZWlnaHQ9IjI1IiB2aWV3Qm94PSIwIDAgNTc5IDI1IiBmaWxsPSJub25lIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgo8cmVjdCB4PSI5OSIgd2lkdGg9IjE3OSIgaGVpZ2h0PSIyNSIgZmlsbD0iI0Y3MUIzQSIvPgo8cmVjdCB4PSIzMjUiIHdpZHRoPSIyNTQiIGhlaWdodD0iMjUiIGZpbGw9IiNGNzFCM0EiLz4KPHBhdGggZD0iTTEzLjM2IDIwSDEwLjY3Mkw5LjYxNiAxNi45NTJINC4xNjhMMy4xMTIgMjBIMC40MjRMNS40NCA1LjY0OEg4LjM2OEwxMy4zNiAyMFpNOC44MjQgMTQuNTUyTDYuOTA0IDguODg4TDQuOTYgMTQuNTUySDguODI0Wk0yNC4xMDc5IDIwSDE1LjIyNzlWNS42NDhIMTcuNzQ3OVYxNy42SDI0LjEwNzlWMjBaTTM1LjYzOTEgMjBIMjYuNzU5MVY1LjY0OEgyOS4yNzkxVjE3LjZIMzUuNjM5MVYyMFpNNTQuNDUwOCA1LjY0OEw0OS42OTg4IDEzLjczNlYyMEg0Ny4xNzg4VjEzLjczNkw0Mi40NzQ4IDUuNjQ4SDQ1LjI1ODhMNDguNDUwOCAxMS4wOTZMNTEuNjQyOCA1LjY0OEg1NC40NTA4Wk02Ny4zMjc2IDE2LjU5MkM2Ny4zMjc2IDE3LjEyIDY3LjE5OTYgMTcuNTc2IDY2Ljk0MzYgMTcuOTZDNjYuNzUxNiAxOC4yMTYgNjYuNDYzNiAxOC41MzYgNjYuMDc5NiAxOC45MkM2NS43MTE2IDE5LjMwNCA2NS40MTU2IDE5LjU2IDY1LjE5MTYgMTkuNjg4QzY0LjcyNzYgMTkuOTc2IDY0LjIzMTYgMjAuMTIgNjMuNzAzNiAyMC4xMkg2MC4wNTU2QzU5LjUyNzYgMjAuMTIgNTkuMDMxNiAxOS45NzYgNTguNTY3NiAxOS42ODhDNTguMzQzNiAxOS41NiA1OC4wMzE2IDE5LjMwNCA1Ny42MzE2IDE4LjkyQzU3LjI0NzYgMTguNTIgNTYuOTc1NiAxOC4yIDU2LjgxNTYgMTcuOTZDNTYuNTU5NiAxNy41NzYgNTYuNDMxNiAxNy4xMiA1Ni40MzE2IDE2LjU5MlY5LjA4QzU2LjQzMTYgOC41NTIgNTYuNTU5NiA4LjA5NiA1Ni44MTU2IDcuNzEyQzU2Ljk3NTYgNy40NzIgNTcuMjQ3NiA3LjE2IDU3LjYzMTYgNi43NzZDNTguMDMxNiA2LjM3NiA1OC4zNDM2IDYuMTEyIDU4LjU2NzYgNS45ODRDNTkuMDMxNiA1LjY5NiA1OS41Mjc2IDUuNTUyIDYwLjA1NTYgNS41NTJINjMuNzAzNkM2NC4yMzE2IDUuNTUyIDY0LjcyNzYgNS42OTYgNjUuMTkxNiA1Ljk4NEM2NS40MTU2IDYuMTEyIDY1LjcxMTYgNi4zNjggNjYuMDc5NiA2Ljc1MkM2Ni40NjM2IDcuMTM2IDY2Ljc1MTYgNy40NTYgNjYuOTQzNiA3LjcxMkM2Ny4xOTk2IDguMDk2IDY3LjMyNzYgOC41NTIgNjcuMzI3NiA5LjA4VjE2LjU5MlpNNTguOTUxNiA5LjE1MlYxNi41NjhDNTguOTUxNiAxNi42MTYgNTguOTU5NiAxNi42NDggNTguOTc1NiAxNi42NjRDNTkuMjk1NiAxNy4xNDQgNTkuNjQ3NiAxNy40ODggNjAuMDMxNiAxNy42OTZDNjAuMDYzNiAxNy43MTIgNjAuMTAzNiAxNy43MiA2MC4xNTE2IDE3LjcySDYzLjYwNzZDNjMuNjU1NiAxNy43MiA2My42OTU2IDE3LjcxMiA2My43Mjc2IDE3LjY5NkM2NC4xMTE2IDE3LjQ4OCA2NC40NjM2IDE3LjE0NCA2NC43ODM2IDE2LjY2NEw2NC44MDc2IDE2LjU2OFY5LjE1MkM2NC44MDc2IDkuMDg4IDY0Ljc5OTYgOS4wNDggNjQuNzgzNiA5LjAzMkM2NC40NDc2IDguNTM2IDY0LjA5NTYgOC4xODQgNjMuNzI3NiA3Ljk3NkM2My42OTU2IDcuOTYgNjMuNjU1NiA3Ljk1MiA2My42MDc2IDcuOTUySDYwLjE1MTZDNjAuMDg3NiA3Ljk1MiA2MC4wNDc2IDcuOTYgNjAuMDMxNiA3Ljk3NkM1OS42NjM2IDguMTg0IDU5LjMxMTYgOC41MzYgNTguOTc1NiA5LjAzMkw1OC45NTE2IDkuMTUyWk03OC4wNzY0IDE2LjU2OFY1LjY0OEg4MC41OTY0VjE2LjU5MkM4MC41OTY0IDE3LjEyIDgwLjQ2ODQgMTcuNTc2IDgwLjIxMjQgMTcuOTZDODAuMDM2NCAxOC4yIDc5Ljc1NjQgMTguNTIgNzkuMzcyNCAxOC45MkM3OS4wMDQ0IDE5LjMwNCA3OC43MDA0IDE5LjU2IDc4LjQ2MDQgMTkuNjg4Qzc3Ljk5NjQgMTkuOTc2IDc3LjUwODQgMjAuMTIgNzYuOTk2NCAyMC4xMkg3My45NDg0QzczLjQyMDQgMjAuMTIgNzIuOTI0NCAxOS45NzYgNzIuNDYwNCAxOS42ODhDNzIuMjM2NCAxOS41NiA3MS45MjQ0IDE5LjMwNCA3MS41MjQ0IDE4LjkyQzcxLjE0MDQgMTguNTIgNzAuODY4NCAxOC4yIDcwLjcwODQgMTcuOTZDNzAuNDUyNCAxNy41NzYgNzAuMzI0NCAxNy4xMiA3MC4zM
URLs

http-equiv="Content-Type"

http-equiv="x-ua-compatible"

https://decoding.at

Targets

    • Target

      48116c6b904486d50de874c9afe866a2e4f66c1fdbef60ccdae2b440ebe64037

    • Size

      959KB

    • MD5

      aae021c0f8b3d4d319235d1025c1f35d

    • SHA1

      c0893afb208b4ae591e8bf130b5c2077771e7706

    • SHA256

      48116c6b904486d50de874c9afe866a2e4f66c1fdbef60ccdae2b440ebe64037

    • SHA512

      f3fcf2d08fca0a679e08de4912dd4cca5f2aa4af3d500702568c7e6bb53680bfd7dac991126a8cf47faf0d2f8f067a50d123568b5c2a85811e347a0da62855df

    • SSDEEP

      24576:uLjr3s2nScu1i1tz3f++5kRzFxk7rMxNeR1R9qpdGF:Ujrc2So1Ff+B3k796o

    Score
    10/10
    lockbitdefense_evasiondiscoveryevasionexecutionimpactpersistenceransomware

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

      ransomwarelockbit

    • Lockbit family

      lockbit

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Deletes shadow copies

      Ransomware often targets backup files to inhibit system recovery.

      ransomwaredefense_evasionimpactexecution

    • Modifies boot configuration data using bcdedit

      ransomwareevasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

1
T1047

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Direct Volume Access

1
T1006

Indicator Removal

2
T1070

File Deletion

2
T1070.004

Modify Registry

2
T1112

Credential Access

Discovery

Network Service Discovery

1
T1046

Peripheral Device Discovery

1
T1120

Query Registry

2
T1012

Remote System Discovery

1
T1018

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

System Network Configuration Discovery

1
T1016

Internet Connection Discovery

1
T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

1
T1491

Inhibit System Recovery

3
T1490

Tasks