Extracted

Extracted

• • Target

    1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b

  • Size

    147KB

  • MD5

    d54bae930b038950c2947f5397c13f84

  • SHA1

    e164bbaf848fa5d46fa42f62402a1c55330ef562

  • SHA256

    1250ba6f25fd60077f698a2617c15f89d58c1867339bfd9ee8ab19ce9943304b

  • SHA512

    81001ae98c5670aaf6c33d5f2ecae1ed20058fa5b1824f0c48fc12d93c5bf7c9cc1ac502e85c9244bdd13682539ff9f343907f2e965e04f910df8144f60fd63d

  • SSDEEP

    3072:e6glyuxE4GsUPnliByocWep6v6JMdoKkgwfHweVg2sp+:e6gDBGpvEByocWe+oKT+g2a+

  Score

  10^/10

  dragonforcedefense_evasiondiscoveryransomwarespywarestealer

  • DragonForce

    Ransomware family based on Lockbit that was first observed in November 2023.

    ransomwaredragonforce

  • Dragonforce family

    dragonforce

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Drops desktop.ini file(s)

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • Drops file in System32 directory

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  behavioral1behavioral2