Extracted

• • Target

    PackedEncryptor.exe

  • Size

    485KB

  • MD5

    0f30d0d58dcc450cb0b05f1f84916cbb

  • SHA1

    16033c2fe6c2149b8a23f5d7e01d30cdc73687b1

  • SHA256

    14b9941d53f382c49d9ab75b8ec086210c17b19ffac0d071f462c4bfa8b5157a

  • SHA512

    b101e4cd57fbe9e5b1636a9bac0b70f8cd3d4151b40b0c464dc9616fd192efee7e11458ce92d847b1e9879cb6f2eec17838f8d4b437a832c24cc504628d43ea3

  • SSDEEP

    12288:syveQB/fTHIGaPkKEYzURNAgbAggkFLz8qd2:suDXTIGaPhEYzUzAktFX8x

  Score

  10^/10

  lockbitdefense_evasiondiscoveryransomwarespywarestealer

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Lockbit family

    lockbit

  • Rule to detect Lockbit 3.0 ransomware Windows payload

  • Renames multiple (321) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2