Extracted

• • Target

    README.txt.lnk

  • Size

    1KB

  • MD5

    e1cff745a65a199bdf9dfebe3f69e3f7

  • SHA1

    8c77e01ceb0ff774a66afa5b7a32b0735e422e9e

  • SHA256

    3b497ec4d80770a5172a72f871528397fde8ea5969aa2c3cde98edb0a6946355

  • SHA512

    7e9204f24290dfdff14200945a31b7d3421122f3fb526845a8250e4325751af5fac226057becf1d0d381f021cca6aae7f6fe0b2d2b517c3441006423de03496c

  Score

  10^/10

  lockbitdefense_evasiondiscoveryransomwarespywarestealer

  • Lockbit

    Ransomware family with multiple variants released since late 2019.

    ransomwarelockbit

  • Lockbit family

    lockbit

  • Rule to detect Lockbit 3.0 ransomware Windows payload

  • Renames multiple (622) files with added filename extension

    This suggests ransomware activity of encrypting all the files on the system.

    ransomware

  • Blocklisted process makes network request

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Legitimate hosting services abused for malware hosting/C2

  • Drops file in System32 directory

  • Sets desktop wallpaper using registry

    ransomware

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2