Overview

overview

10

Static

static

10

SuperBlack-0xb.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SuperBlack-0xb.zip

  • Size

    93KB

  • Sample

    250404-bwxhdazmx7

  • MD5

    d6b4575717a93e1f4c03e74cade233bb

  • SHA1

    eefe7755c68068e4abd43141f1db9f720b419058

  • SHA256

    19c741f450653c5615be1c0f256a3833f21fb4f97156fcb6e6d943597be776ac

  • SHA512

    2c8262fb19036a306bb1fbec77b75d47fd5c6b77dfd5cddbd474d76c23cbd50262834dc9d12e25cc7aaed6b6fac8b72a23a2467ebdb845c6022702b997e8982b

  • SSDEEP

    1536:DDZGi+JMu6TH/6oU+E+5GkIB+PQJsBtGVfuApQ84ZaNUvPh/du05g5CHWs4qqmvN:DNGLMu0yH+Fy+PQJsB4VGAO84ZMQPh//

Score
10/10
lockbitdefense_evasiondiscoveryransomwarespywarestealer

Malware Config

Extracted

Path

C:\ni8pxbvnx.README.txt

Ransom Note
>>>> Your data are stolen and encrypted! >>>> Sensitive data on your system was DOWNLOADED and it will be PUBLISHED if you refuse to cooperate. Your competitors or law enforcement may get them on the web. Data includes: - Employees personal data, CVs, DL, SSN. - Complete network map including credentials for local and remote services. - Financial information including clients data, bills, budgets, annual reports, bank statements. - Complete datagrams/schemas/drawings for manufacturing in solidworks format - And more... You can request the tree of files that we have. >>>> You need contact us and decrypt one file for free, send a small file for test decryption with your personal DECRYPTION ID to tox chat: >>>> Your personal DECRYPTION ID: 6791ACA56D6F7E5468516161BFA3F854 1)Download and install TOX chat: https://tox.chat 2)Write to this tox id: DED25DCB2AAAF65A05BEA584A0D1BB1D55DD2D8BB4185FA39B5175C60C8DDD0C0A7F8A8EC815 and wait for the answer, we will always answer you. >>>> DO NOT MODIFY FILES YOURSELF. >>>> DO NOT USE THIRD PARTY SOFTWARE TO RESTORE YOUR DATA. >>>> YOU MAY DAMAGE YOUR FILES, IT WILL RESULT IN PERMANENT DATA LOSS. >>>> YOUR DATA IS STRONGLY ENCRYPTED, YOU CAN NOT DECRYPT IT WITHOUT CIPHER KEY.
URLs

https://tox.chat

Targets

    • Target

      SuperBlack-0xb.exe

    • Size

      146KB

    • MD5

      c6c371198124b086a547407a7d36fcc6

    • SHA1

      1a3108ecb72ca0da0c04bd5c29caebee0ffd795d

    • SHA256

      a17f22b67ecf9312bf59c8bb77445969bd6bbe61cf2b5ba98255f6cf30130d8c

    • SHA512

      568da365e16e806593d5bb9ca335a4b1e7585148b29fe131d3fffb45275962991948de6700c28d3afb4302ebbb8570e20781933bdcfb3685cde325b64efc19d5

    • SSDEEP

      1536:szICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDzp6HbSCkHdMBfusRDARJbWUyz:DqJogYkcSNm9V7Dzx19pODObWT

    Score
    10/10
    defense_evasiondiscoveryransomwarespywarestealer

    • Renames multiple (653) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Deletes itself

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

      defense_evasion

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

      ransomware

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks