General

Target: 2025-01-19_a9ba92d3d2314c980b6483644d7d5f2b_lockbit
Size: 4.8MB
Sample: 250119-qnfl8azmcl
MD5: a9ba92d3d2314c980b6483644d7d5f2b
SHA1: 33aff7dc5bbcdad45d3372051101f1d9c57c4182
SHA256: 8b80b6bc85a04c509fba52d0f271be4bae2f8b2c363ab33a9d4da6634e912d9f
SHA512: 39aca763b69bacb1afa1ab9af78680a7ca43196b887d41d250db18c2f31d9d7c6b844f10c74c8015fa818c260a60b11f13c7c6a6e3db177b6be73fa46d25b7f8
SSDEEP: 98304:+5PzgqXr2/nC4/5TlCuGU9G+77/bOtLGeMQg:uHXsntPcM7/bO1+Qg
Static task: static1

Behavioral task: behavioral1
Sample: 2025-01-19_a9ba92d3d2314c980b6483644d7d5f2b_lockbit.exe
Resource: win7-20241023-en

Behavioral task: behavioral2
Sample: 2025-01-19_a9ba92d3d2314c980b6483644d7d5f2b_lockbit.exe
Resource: win10v2004-20241007-en
Malware Config

Targets

Target: 2025-01-19_a9ba92d3d2314c980b6483644d7d5f2b_lockbit (4.8MB; same MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 8/10

Boot or Logon Autostart Execution: Active Setup (T1547.014)
Adversaries may achieve persistence by adding a Registry key under Active Setup on the local machine (HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{GUID}); the key's StubPath command is run for each user at their next logon, in that user's context.

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check. Because the result can change which code paths execute, the locale of the sandbox VM affects what the behavioral run shows.

Executes dropped EXE

Unexpected DNS network traffic destination
Traffic on the DNS port (53) to servers other than the configured DNS servers was detected.

Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate the software installed on the system.

Drops desktop.ini file(s)

Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
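The Active Setup signature above flags a persistence mechanism that is easy to verify by hand: Windows compares each component under the HKLM Installed Components key with the user's copy in HKCU and runs StubPath when the per-user copy is missing or its Version is lower. The script below is an added example, not part of the sandbox report, that applies that rule to a constructed `reg export`-style dump (the GUIDs, paths and version strings are made up for the example) and marks StubPath binaries outside the Windows and Program Files directories as suspicious; that trusted-prefix list is the example's own heuristic, not something the report states.

```python
# Added example (not from the sandbox report): list Active Setup components whose
# StubPath will run at a user's next logon, from a constructed .reg-style dump.
import re

HKLM_AS = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components"
HKCU_AS = "HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Active Setup\\Installed Components"
# Heuristic (an assumption of this example): where a legitimate StubPath is expected to live.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")

# Constructed sample dump. GUIDs and paths are invented for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0001-4000-8000-000000000001}]
"StubPath"="C:\\Windows\\System32\\ie4uinit.exe -UserConfig"
"Version"="11,0,19041,1"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{3F0B5B2E-1C2A-4E2D-9A1B-5D0C1E7A9F00}]
"StubPath"="C:\\Users\\Public\\svchost.exe"
"Version"="9,9,9,9"
"IsInstalled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0003-4000-8000-000000000003}]
"StubPath"="C:\\Windows\\System32\\regsvr32.exe /s /n /i:/UserInstall C:\\Windows\\System32\\themeui.dll"
"Version"="1,0,0,0"
"IsInstalled"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Active Setup\Installed Components\{A1B2C3D4-0001-4000-8000-000000000001}]
"Version"="11,0,19041,1"
'''

_SECTION = re.compile(r"^\[(.+)\]$")
_VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def _decode(raw):
    """Decode a .reg value: quoted REG_SZ (with \\\\ and \\" escapes) or dword:hex."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    return raw


def parse_reg(text):
    """Map each key path to a {value name: decoded value} dict."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = _SECTION.match(line)
        if m:
            current = m.group(1)
            keys[current] = {}
            continue
        m = _VALUE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = _decode(m.group(2))
    return keys


def _version(value):
    """Active Setup versions are comma-separated integers, e.g. '11,0,19041,1'."""
    if value is None:
        return None
    return tuple(int(p) for p in str(value).split(",") if p.strip().isdigit())


def pending_stubpaths(keys):
    """Components whose StubPath runs at the next logon of the user whose HKCU hive is in `keys`.

    Windows runs StubPath when the per-user copy of the component key is missing,
    or when the HKLM Version is higher than the HKCU Version. IsInstalled=0 disables it.
    """
    index = {k.lower(): v for k, v in keys.items()}
    prefix = HKLM_AS.lower() + "\\"
    pending = []
    for path, values in keys.items():
        if not path.lower().startswith(prefix):
            continue
        guid = path[len(prefix):]
        stub = values.get("StubPath")
        if not stub or values.get("IsInstalled", 1) == 0:
            continue
        user = index.get(HKCU_AS.lower() + "\\" + guid.lower())
        hklm_ver = _version(values.get("Version"))
        if user is None:
            reason = "no per-user record in HKCU"
        else:
            hkcu_ver = _version(user.get("Version"))
            if hklm_ver is None or (hkcu_ver is not None and hklm_ver <= hkcu_ver):
                continue  # already ran for this user at this version
            reason = f"HKLM Version {hklm_ver} is newer than HKCU Version {hkcu_ver}"
        exe = stub.strip().strip('"').lower()
        pending.append({"guid": guid, "stub_path": stub, "reason": reason,
                        "suspicious": not exe.startswith(TRUSTED_PREFIXES)})
    return pending


if __name__ == "__main__":
    for item in pending_stubpaths(parse_reg(SAMPLE_REG)):
        flag = "SUSPICIOUS" if item["suspicious"] else "ok"
        print(f"[{flag}] {item['guid']} -> {item['stub_path']} ({item['reason']})")
```

On a live host, export both hives with `reg export` and feed the files to `parse_reg`; the component whose HKCU copy matches (the first one above) and the one with IsInstalled=0 (the third) are skipped, and only the unregistered entry pointing into C:\Users\Public is reported.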
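The "Unexpected DNS network traffic destination" signature is a simple allow-list check: in a sandbox the VM's resolvers are known, so any port-53 flow to another address is anomalous. The script below is an added example, not code from the report or the sandbox, that runs that check over constructed Zeek-style conn.log lines (the addresses and the resolver set are assumptions for the example) and rates port-53 flows whose payload did not parse as DNS higher, since those are more likely tunnelling or C2 than a stray resolver.

```python
# Added example (not from the sandbox report): flag port-53 traffic that does not
# go to the resolvers a host is configured to use. Input is constructed
# Zeek-style conn.log lines; the resolver set is an assumption of the example.

CONFIGURED_RESOLVERS = {"10.0.0.2"}   # assumed resolver list for the monitored VM
DNS_PORT = 53

# Constructed flow records: ts, orig_h, orig_p, resp_h, resp_p, proto, service
SAMPLE_CONN_LOG = """\
1737280000.10\t10.0.0.25\t51234\t10.0.0.2\t53\tudp\tdns
1737280001.30\t10.0.0.25\t51235\t8.8.8.8\t53\tudp\tdns
1737280002.70\t10.0.0.25\t51236\t203.0.113.10\t53\tudp\t-
1737280002.90\t10.0.0.25\t51237\t203.0.113.10\t53\ttcp\t-
1737280003.00\t10.0.0.25\t49201\t203.0.113.10\t443\ttcp\tssl
"""


def parse_conn_log(text):
    """Parse tab-separated flow records into dicts; comment lines and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        ts, orig_h, orig_p, resp_h, resp_p, proto, service = line.split("\t")
        rows.append({"ts": float(ts), "orig_h": orig_h, "orig_p": int(orig_p),
                     "resp_h": resp_h, "resp_p": int(resp_p), "proto": proto,
                     "service": service})
    return rows


def unexpected_dns_destinations(rows, resolvers=CONFIGURED_RESOLVERS):
    """One finding per flow on the DNS port whose responder is not a configured resolver."""
    findings = []
    for r in rows:
        if r["resp_p"] != DNS_PORT or r["resp_h"] in resolvers:
            continue
        # Zeek labels a flow 'dns' only when the payload parsed as DNS; port-53 traffic
        # it could not parse is more likely tunnelling or C2 than a stray resolver.
        if r["service"] == "dns":
            severity, note = "medium", "DNS query to a resolver not configured on this host"
        else:
            severity, note = "high", "non-DNS payload on the DNS port"
        findings.append({"src": r["orig_h"], "dst": r["resp_h"], "proto": r["proto"],
                         "severity": severity, "note": note})
    return findings


if __name__ == "__main__":
    for f in unexpected_dns_destinations(parse_conn_log(SAMPLE_CONN_LOG)):
        print(f"[{f['severity']}] {f['src']} -> {f['dst']}/{f['proto']}: {f['note']}")
```

The flow to the configured resolver and the TCP/443 flow produce nothing; the query to 8.8.8.8 is reported as medium and the two unparsed port-53 flows to 203.0.113.10 as high. Pass a different `resolvers` set to match your own DHCP or sandbox configuration.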
MITRE ATT&CK Enterprise v15

Defense Evasion
  Modify Registry (T1112) x3
  Subvert Trust Controls (T1553) x1
    Install Root Certificate (T1553.004) x1

Credential Access
  Credentials from Password Stores (T1555) x1
    Credentials from Web Browsers (T1555.003) x1
  Unsecured Credentials (T1552) x1
    Credentials In Files (T1552.001) x1