General
Target: 01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.zip
Size: 215KB
Sample: 250126-r733asvrgp
MD5: a90f071ad9bffb4e8761cc6b48c1c3b4
SHA1: 214bcf3b48114e09508b1e819b79a4b669a35172
SHA256: 36578e526262b06b1bfeac4297720e3e2d31826ead571e314dd8736328e4eb01
SHA512: e2ae4bd47589da5b7bde79074994f401def7bac1fac5cd0e7e4b77b6a6a5695df90f3828d5adf2bd6a4222632321498401b0e59d00e6b20d41ff2b6a532f1a6b
SSDEEP: 3072:V4P1xzrwAFedrmySvxyjz1t5dUuTRQsfv2oCv/V9ycyp7d1L0hnpQGfUO7AaE9uF:V4P3jFedCvQP1ieQsvCvT+p7dEoOHEC
Static task: static1
Behavioral task: behavioral1
Sample: 01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
Resource: win11-20241007-en
Malware Config
Extracted
Path: C:\ProgramData\readme.txt
Family: dragonforce
URLs:
http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion
http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion
Targets
Target: 01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe
Size: 418KB
MD5: 2dd7cd2bf15eec7d62689435fca9c49c
SHA1: 7db52047c72529d27a39f2e1a9ffb8f1f0ddc774
SHA256: 01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570
SHA512: 29f9129320d8c1223a7a9a9dde3c0f7f0d28de734aa2c960d3f0a80b64af1f60291e6fa59279cab6a1fecc6e12e9ef565440452c0bb6632c3d28b8c119144389
SSDEEP: 12288:FnvxplpMAX99S4B009MqyQMKNT7jZBWfAD8xE:FvxplpMAtU4Bl9MdQFT79BWIoS
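The hashes above and the extracted ransom-note config give enough to write a host-side IOC check. The following is an added example, not part of the sandbox report or the vendor's tooling: it hashes every file under a directory and compares MD5/SHA-1/SHA-256/SHA-512 against the values listed for the .zip and the .exe, and it flags ransom notes by looking for readme.txt files that carry the v3 .onion addresses from the extracted config. ssdeep is left out because it needs a third-party module; the stdlib digests are enough for an exact match. The note text in `demo_scan` is constructed for the example.

```python
"""IOC check built from this report's hashes and extracted ransom-note config.

Added example (not the sandbox vendor's code). Exact-hash match plus
ransom-note detection by the .onion hosts in the extracted config.
"""
import hashlib
import os
import re
import shutil
import sys
import tempfile
from pathlib import Path

ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Hashes copied verbatim from the report (outer .zip and inner .exe).
KNOWN_HASHES = {
    "md5": {"a90f071ad9bffb4e8761cc6b48c1c3b4",
            "2dd7cd2bf15eec7d62689435fca9c49c"},
    "sha1": {"214bcf3b48114e09508b1e819b79a4b669a35172",
             "7db52047c72529d27a39f2e1a9ffb8f1f0ddc774"},
    "sha256": {"36578e526262b06b1bfeac4297720e3e2d31826ead571e314dd8736328e4eb01",
               "01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570"},
    "sha512": {"e2ae4bd47589da5b7bde79074994f401def7bac1fac5cd0e7e4b77b6a6a5695df90f3828d5adf2bd6a4222632321498401b0e59d00e6b20d41ff2b6a532f1a6b",
               "29f9129320d8c1223a7a9a9dde3c0f7f0d28de734aa2c960d3f0a80b64af1f60291e6fa59279cab6a1fecc6e12e9ef565440452c0bb6632c3d28b8c119144389"},
}
# .onion hosts from the extracted config; the note itself is written to C:\ProgramData\readme.txt.
KNOWN_ONIONS = {
    "3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion",
    "z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion",
}
NOTE_NAME = "readme.txt"
# Tor v3 onion service address: 56 base32 characters followed by .onion.
ONION_RE = re.compile(r"\b[a-z2-7]{56}\.onion\b", re.IGNORECASE)


def hash_bytes(data):
    """Digest an in-memory blob with every algorithm the report lists."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all four hashers in a single read pass."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_digests(digests):
    """Names of the algorithms whose digest equals a known sample hash."""
    return sorted(alg for alg, value in digests.items()
                  if value.lower() in KNOWN_HASHES.get(alg, ()))


def onions_in_text(text):
    """Split the v3 onion addresses found in a note into (known from config, unknown)."""
    found = {m.lower() for m in ONION_RE.findall(text)}
    return sorted(found & KNOWN_ONIONS), sorted(found - KNOWN_ONIONS)


def scan(root):
    """Walk a directory; report sample-hash matches and notes carrying the config's .onion hosts."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                algs = match_digests(hash_file(path))
                if algs:
                    hits.append(("sample", str(path), algs))
                if name.lower() == NOTE_NAME:
                    known, _unknown = onions_in_text(path.read_text(errors="replace"))
                    if known:
                        hits.append(("ransom_note", str(path), known))
            except OSError:
                continue  # unreadable file (locked, permissions): skip, do not abort the sweep
    return hits


def demo_scan():
    """Scan a throwaway directory holding a constructed ransom note (not the real note text)."""
    root = tempfile.mkdtemp()
    try:
        (Path(root) / NOTE_NAME).write_text(
            "Your files are encrypted.\n"
            "http://3pktcrcbmssvrnwe5skburdwe2h3v6ibdnn5kbjqihsg6eu6s6b7ryqd.onion\n"
            "http://z3wqggtxft7id3ibr7srivv5gjof5fwg76slewnzwwakjuf3nlhukdid.onion\n")
        (Path(root) / "notes.txt").write_text("unrelated file, no indicators")
        return scan(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for kind, path, detail in (scan(sys.argv[1]) if len(sys.argv) > 1 else demo_scan()):
        print(kind, path, ", ".join(detail))
```

Run it with a directory argument to sweep a mounted image or a share; with no argument it runs the constructed demo. A hash match only catches this exact build, so the ransom-note check (which keys on the .onion hosts rather than on the note wording) is the more durable of the two indicators.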
Signatures
DragonForce: ransomware family based on LockBit, first observed in November 2023.
Dragonforce family
Credentials from Password Stores: Windows Credential Manager
Suspicious access to Credentials History.
Drops startup file
Drops desktop.ini file(s)
Sets desktop wallpaper using registry
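Taken one at a time, the behaviours in the signature list are weak signals: Explorer writes desktop.ini files all day and the Settings app sets the wallpaper value. Correlated per process they are a strong ransomware indicator. The following is an added example, not from the report or the sandbox vendor: it evaluates a small rule set over Sysmon-style events (EventID 11 FileCreate, EventID 13 RegistryEvent SetValue) and flags any process that shows at least two of: dropping a file into a Startup folder, writing desktop.ini files, setting the wallpaper through the registry, or writing the ransom-note path from the extracted config. The event records are constructed for the example; the field names (Image, ProcessId, TargetFilename, TargetObject) follow Sysmon's.

```python
"""Correlate the signatures this report lists into one per-process alert.

Added example (not the sandbox vendor's code). Events are constructed
Sysmon-style records, not the sandbox's own event log.
"""
from collections import defaultdict

STARTUP_DIR = "\\microsoft\\windows\\start menu\\programs\\startup\\"
WALLPAPER_KEY = "\\control panel\\desktop\\wallpaper"
RANSOM_NOTE = "c:\\programdata\\readme.txt"  # path from the extracted config


def _target(event):
    """File path (EventID 11) or registry path (EventID 13), lower-cased for matching."""
    return (event.get("TargetFilename") or event.get("TargetObject") or "").lower()


# Rule name -> predicate on a single event. Each corresponds to one signature line above.
RULES = {
    "startup_file": lambda e: e["EventID"] == 11 and STARTUP_DIR in _target(e),
    "desktop_ini": lambda e: e["EventID"] == 11 and _target(e).endswith("\\desktop.ini"),
    "wallpaper_registry": lambda e: e["EventID"] == 13 and _target(e).endswith(WALLPAPER_KEY),
    "ransom_note": lambda e: e["EventID"] == 11 and _target(e) == RANSOM_NOTE,
}


def evaluate(events, min_rules=2):
    """Return {(ProcessId, Image): [rule names]} for processes matching at least min_rules rules."""
    matched = defaultdict(set)
    for event in events:
        for name, predicate in RULES.items():
            if predicate(event):
                matched[(event["ProcessId"], event["Image"])].add(name)
    return {proc: sorted(rules) for proc, rules in matched.items() if len(rules) >= min_rules}


# Constructed events. The encryptor shows all four behaviours; explorer.exe and the
# Settings app each show one behaviour that is benign on its own.
ENCRYPTOR = ("C:\\Users\\alice\\Downloads\\"
             "01f1e82d4c2b04a4652348fb18bb480396db2229c4fd22d2be1ea58e6bf4a570.exe")
USER_HIVE = "HKU\\S-1-5-21-1004336348-1177238915-682003330-1001"  # made-up SID
SAMPLE_EVENTS = [
    {"EventID": 11, "ProcessId": 4120, "Image": ENCRYPTOR,
     "TargetFilename": "C:\\ProgramData\\readme.txt"},
    {"EventID": 11, "ProcessId": 4120, "Image": ENCRYPTOR,
     "TargetFilename": "C:\\Users\\alice\\AppData\\Roaming\\Microsoft\\Windows\\"
                       "Start Menu\\Programs\\Startup\\readme.txt"},
    {"EventID": 11, "ProcessId": 4120, "Image": ENCRYPTOR,
     "TargetFilename": "C:\\Users\\alice\\Documents\\desktop.ini"},
    {"EventID": 13, "ProcessId": 4120, "Image": ENCRYPTOR,
     "TargetObject": USER_HIVE + "\\Control Panel\\Desktop\\Wallpaper"},
    {"EventID": 11, "ProcessId": 988, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Users\\alice\\Pictures\\desktop.ini"},
    {"EventID": 13, "ProcessId": 2200,
     "Image": "C:\\Windows\\ImmersiveControlPanel\\SystemSettings.exe",
     "TargetObject": USER_HIVE + "\\Control Panel\\Desktop\\Wallpaper"},
]


if __name__ == "__main__":
    for (pid, image), rules in evaluate(SAMPLE_EVENTS).items():
        print(f"pid {pid} {image}: {', '.join(rules)}")
```

The threshold is the whole point: with `min_rules=1` all three processes fire and the rule is useless on a real desktop; with the default of two only the encryptor remains. In production the same predicates would run against the forwarded Sysmon channel, keyed on ProcessGuid rather than the reusable ProcessId.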
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores (T1555): 2
  Credentials from Web Browsers (T1555.003): 1
  Windows Credential Manager (T1555.004): 1
Unsecured Credentials (T1552): 1
  Credentials In Files (T1552.001): 1