General
Target: 2025-04-21_714b31629c37dee57038ca4e52ef65ac_darkside_elex_lockbit
Size: 147KB
Sample: 250421-p5y98at1bt
MD5: 714b31629c37dee57038ca4e52ef65ac
SHA1: f9aa5b2dc359f3173ab555944b2fb5a914b45848
SHA256: 27a3cc834c1cd00ad5378c373d76957998bb54bbcfe67bbf3ae5c7be5a5a66dd
SHA512: 05f15b7609b862450ddd56181e1f7350d24a81486a7a2d9265e809b1577ee44b65c23c966b9efd3c3c1f836dde47c201c3239132ad921bb1727c5f402bed2187
SSDEEP: 3072:k6glyuxE4GsUPnliByocWepMf11O4OgfJCCrPPl8rzd:k6gDBGpvEByocWeu1RJpPN6
Behavioral task: behavioral1
Sample: 2025-04-21_714b31629c37dee57038ca4e52ef65ac_darkside_elex_lockbit.exe
Resource: win10v2004-20250410-en

Behavioral task: behavioral2
Sample: 2025-04-21_714b31629c37dee57038ca4e52ef65ac_darkside_elex_lockbit.exe
Resource: win11-20250410-en
Malware Config
Extracted from: C:\KUsfyVlDo.README.txt
Family: braincipher
URLs:
http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Targets
Target: 2025-04-21_714b31629c37dee57038ca4e52ef65ac_darkside_elex_lockbit (size and hashes as listed under General)
- Brain Cipher: ransomware family based on LockBit, first observed in June 2024.
- Braincipher family
- Checks computer location settings: looks up the country code configured in the registry, likely used as a geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion: adversaries may delete files left behind by the actions of their intrusion activity.
- Suspicious use of NtSetInformationThreadHideFromDebugger