General
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe
-
Size
1006KB
-
Sample
250422-hbyy2a1mv2
-
MD5
1fc27b282f32c078dd2dfcdcc7696236
-
SHA1
6c4cc3179cbff8bdec9c80cbbf4fced73822ba3e
-
SHA256
7ed131e9cf7d7f87b0c7e95e121025f35f526c927e8dda59196c9022870193b1
-
SHA512
59e176e1e88a0115caf4272e93d3781330052c4305a7ae510fbc56ef76e260a262ace1ee43d93ed09a0099c11faa7a6537f47ace03b1f0f9f9250bfb06fb9f14
-
SSDEEP
24576:MPIt+AtP8o1BZyiCZvr3O8KsewWkprcLhlxhX6F/FhlxhX6F/k:8s518Jr3BrcNB6ZB62
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe
Resource
win11-20250410-en
Malware Config
Extracted
C:\JaGl8xLNG.README.txt
lockbit
Targets
-
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe
-
Score
10/10
-
Lockbit family
-
Renames multiple (658) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-