General
-
Target
2025-04-21_a0efa7fb6dff1e035510ec1f42e083e4_darkside_elex_lockbit
-
Size
147KB
-
Sample
250421-qdv9xsvtft
-
MD5
a0efa7fb6dff1e035510ec1f42e083e4
-
SHA1
3be88df02346df3b4e5f5dc962d3ddf8bba2ddbf
-
SHA256
66160f72ad9521da85a4edd197ce30f12cc38cc2ba53cdfb1017cb99203dba73
-
SHA512
90e3b27c64b3106b70609fbc1a637b09ac8d4b83c88ce3b79462915e23705905cd0786196d7bd570b943f4b57abc7fe373f2fa36cd2a4c76176062c2afc09565
-
SSDEEP
3072:h6glyuxE4GsUPnliByocWepwHVbW0zH1dMeq:h6gDBGpvEByocWeKDr3
Behavioral task
behavioral1
Sample
2025-04-21_a0efa7fb6dff1e035510ec1f42e083e4_darkside_elex_lockbit.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
2025-04-21_a0efa7fb6dff1e035510ec1f42e083e4_darkside_elex_lockbit.exe
Resource
win11-20250410-en
Malware Config
Extracted
C:\bW9pcESV9.README.txt
braincipher
http://vkvsgl7lhipjirmz6j5ubp3w3bwvxgcdbpi3fsbqngfynetqtw4w5hyd.onion
http://77nrxelcwh47yikvpaz2rvtsten4sen2elybo5r5st6wlxsbitv255qd.onion/
Targets
-
-
Target
2025-04-21_a0efa7fb6dff1e035510ec1f42e083e4_darkside_elex_lockbit
-
Brain Cipher
Ransomware family based on LockBit that was first observed in June 2024.
-
Braincipher family
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Deletes itself
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-