lockbit | 458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898 | Triage

Submit
Reports

Overview

overview

Static

static

458455e843...98.exe

windows11-21h2-x64

9

Resubmissions

02-01-2025 17:33

250102-v45y9ssmhk 10

02-01-2025 16:44

250102-t82lza1nfk 10

Sharing

General

Target

458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898
Size

160KB
Sample

250102-v45y9ssmhk
MD5

f33a0c04a1984e22cf953cc811f6d4cf
SHA1

90eb7457e9952738195f7203bdde11ee8a77c8ba
SHA256

458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898
SHA512

e241c70576f99f84575a05c5d1e9a112e91d3ebb1578d364dac1a0f5d25a8c7fff82ca8aa5e1a5598e7e0800c149f4c648630b41a6ae790e37713040d802d5fb
SSDEEP

3072:vDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368+QBVBuEsMeUI/EQ9BW:R5d/zugZqll3LHVeVB

Score

10^/10

lockbit defense_evasion discovery ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898.exe

Resource

win11-20241007-en

defense_evasion discovery ransomware

windows11-21h2-x64

17 signatures

150 seconds

Malware Config

Targets

- Target
  
  458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898
- Size
  
  160KB
- MD5
  
  f33a0c04a1984e22cf953cc811f6d4cf
- SHA1
  
  90eb7457e9952738195f7203bdde11ee8a77c8ba
- SHA256
  
  458455e84390b7cdcc4008e104717ef1255245707e3329978a22e0129374d898
- SHA512
  
  e241c70576f99f84575a05c5d1e9a112e91d3ebb1578d364dac1a0f5d25a8c7fff82ca8aa5e1a5598e7e0800c149f4c648630b41a6ae790e37713040d802d5fb
- SSDEEP
  
  3072:vDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368+QBVBuEsMeUI/EQ9BW:R5d/zugZqll3LHVeVB
Score

9^/10

defense_evasion discovery ransomware
- Renames multiple (171) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
  defense_evasion
- Sets desktop wallpaper using registry
  ransomware
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

File Deletion

Modify Registry

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

Tasks

static1

behavioral1

defense_evasiondiscoveryransomware

© 2018-2025

Terms | Privacy