General
-
Target
2025-03-07_c9f9ddc9c5b15abee4fea6cf5ec271bd_derusbi_lockbit_wannacry
-
Size
4.7MB
-
Sample
250307-l7vs2aythy
-
MD5
c9f9ddc9c5b15abee4fea6cf5ec271bd
-
SHA1
9e63d0e79cc4b5b0decb2edc48e86ac106008bb5
-
SHA256
23c4794ca962fc10014553c6104a7a3376daca28eab3b1ac68d9f3730a731364
-
SHA512
2ba741c36c77d8512cad1880d51cf54c9dcf1e7ea1632de13fe853af90262c38a483c0f4227f1038962a92f2a95d72e714cd11b2282be04443bdf688c12f9536
-
SSDEEP
24576:Klxi3JTsw4N98PaPCGh8o0gwvtbxC4673zOQyS5lv3b8aURcAnbDHwKc:Kx467iDSTg
Malware Config
Targets
-
-
Target
2025-03-07_c9f9ddc9c5b15abee4fea6cf5ec271bd_derusbi_lockbit_wannacry
-
Size
4.7MB
-
MD5
c9f9ddc9c5b15abee4fea6cf5ec271bd
-
SHA1
9e63d0e79cc4b5b0decb2edc48e86ac106008bb5
-
SHA256
23c4794ca962fc10014553c6104a7a3376daca28eab3b1ac68d9f3730a731364
-
SHA512
2ba741c36c77d8512cad1880d51cf54c9dcf1e7ea1632de13fe853af90262c38a483c0f4227f1038962a92f2a95d72e714cd11b2282be04443bdf688c12f9536
-
SSDEEP
24576:Klxi3JTsw4N98PaPCGh8o0gwvtbxC4673zOQyS5lv3b8aURcAnbDHwKc:Kx467iDSTg
Score10/10-
Jupyter family
-
Jupyter, SolarMarker
Jupyter is a backdoor and infostealer first seen in mid 2020.
-
Maze
Ransomware family also known as ChaCha.
-
Maze family
-
Drops file in Drivers directory
-
Reads ssh keys stored on the system
Tries to access SSH used by SSH programs.
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2