General

  • Target

    21842772767.zip

  • Size

    103KB

  • Sample

    250328-hhrtasvlt4

  • MD5

    e27b5ac7a50e6afca59c86fad85babae

  • SHA1

    b8bc61f979e9448c5233c96fa7100f7fb7714a4c

  • SHA256

    b8d3c30751cd8546019b11f9475989c7a2919d7debb4fb5286bcc58077092a3c

  • SHA512

    84af6caf3ec06704f03781babb3e830178ee20bd0908500cff1f28fa25589d1d3435614b9d9d58b619a6199fa8a268f9ec9ec21244205ca5a7c3c56db9a83921

  • SSDEEP

    1536:Cq0BA0ljjIMhbBy9fk1HyveZmxnBfMCaXIyrw+wNblfar0c0br4iKH:YyqjI6BAfAyveZQnLaXdrnw3fsF0btKH

Malware Config

Targets

    • Target

      e2bda5afc3e70460223a98cd3520e4ab97fd126a48b9fe7d385e1e9730a11407

    • Size

      160KB

    • MD5

      d1986caa455ffa11b46341e837777e52

    • SHA1

      c045c2be676ebba04d7403f3636c7adb685a4011

    • SHA256

      e2bda5afc3e70460223a98cd3520e4ab97fd126a48b9fe7d385e1e9730a11407

    • SHA512

      ea87e4f31a45a4e54c56dc120ce26c369a02af952d0c20411677c4cba4eb442a43b776d094150458a0b72dc65b53ca29fc300739cc56f81c6f7fee5e15043359

    • SSDEEP

      3072:gDDDDDDDDDDDDDDDDDDDE45d/t6sVkgZqltP3368Pu7YlTx6gIB8FrN75DyW:K5d/zugZqll3AYrG+

    • Renames multiple (180) files with an added filename extension

      This suggests ransomware activity: encrypting all the files on the system.

    • Checks computer location settings

      Looks up the country code configured in the registry; likely a geofence check.

    • Deletes itself

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

MITRE ATT&CK Enterprise v15

Tasks