Resubmissions

  • 02-01-2025 21:27    250102-1arsfawnat    10

  • 21-12-2024 14:36    241221-ryt32a1mhx    10

General

  • Target: Builds.7z

  • Size: 1.8MB

  • Sample: 250102-1arsfawnat

  • MD5: 484933f81970182e04f190efe2527da1

  • SHA1: 72f0810a0ab7f1398ba9f0b0916ee97115e79cc4

  • SHA256: 3968a850f5bc70d954bb5609d929f181a6f05a117fa3be4531cbd96cedfde5d6

  • SHA512: d9d5d96e13201de976d23783e077bb1f95af3946a44bd1347d637893e471eefed5d9b0de4a7d84d8d2040decf8cea4e3de83555b2424e58ebbc1c7eb4881e37a

  • SSDEEP: 49152:bor7D7eZFTWD/gjKZ4FhydMzOoSGSW7TeXY:UfeZFT48HSCilTWB

Malware Config

Targets

    • Target: 329D6F9DDBF138D4/locker_ESXI_I386

    • Size: 108KB

    • MD5: a720e32658193a7f76be72363fbc919d

    • SHA1: 9b319e460a7000efd92e91a6f1072c4ee211dcda

    • SHA256: ab8c2aca725df02bfdbfa0f493575e0dacd4467b2d0cd90c9a6acb66cb14d590

    • SHA512: 5f98f776e82c335f3a16deed12d654e7edb42236511c6eb0484fa0957ee7aa839ac85974864183e0be53333a558856ef39a1181839490b9f111a192dc71c2ff7

    • SSDEEP: 3072:5twJNAs5z2NS/P8BRlzWy5BGOiXj0hvYlx1DtqR5YeC:LwJpagWI9OiXQYlx1DtqAe

    • Score: 1/10

    • Target: 329D6F9DDBF138D4/locker_ESXI_X64

    • Size: 93KB

    • MD5: b76b092f5188ccc8a046ffb4659c3641

    • SHA1: 82e19d8b7bc5379528feb9c3a335d70d79358229

    • SHA256: dd1cf10faf4e638bb5a0efeeaa4bc2f1c91557c22e93d3f135e7e7c7f0e7be55

    • SHA512: bf06f2d65f7eca482066da6b1cace219cba2e2ebae0034de3e3bae429a2e821ea2d35a41534d6d9d159ae992ef0b5c5a268a48a05ae1fbb0da69a2122631653f

    • SSDEEP: 1536:Jv8RiloA2YObuLk8WKP/gCILnPG+atNoU+tqRAJy+p4G:1Zl/2Ym8LZOnPG+iNoDtqRaya

    • Traces remote process

    • Reads user data of web browsers

      Reads stored browser data, which can include saved credentials.

    • Reads AppArmor ptrace settings

      Discovers which ptrace capabilities AppArmor allows.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.

    • Reads network interface configuration

      Fetches information about one or more active network interfaces.

MITRE ATT&CK Enterprise v15

Tasks