General

  • Target

    SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe

  • Size

    1006KB

  • Sample

    250422-hd3p1axsd1

  • MD5

    1fc27b282f32c078dd2dfcdcc7696236

  • SHA1

    6c4cc3179cbff8bdec9c80cbbf4fced73822ba3e

  • SHA256

    7ed131e9cf7d7f87b0c7e95e121025f35f526c927e8dda59196c9022870193b1

  • SHA512

    59e176e1e88a0115caf4272e93d3781330052c4305a7ae510fbc56ef76e260a262ace1ee43d93ed09a0099c11faa7a6537f47ace03b1f0f9f9250bfb06fb9f14

  • SSDEEP

    24576:MPIt+AtP8o1BZyiCZvr3O8KsewWkprcLhlxhX6F/FhlxhX6F/k:8s518Jr3BrcNB6ZB62

Malware Config

Extracted

  • Path

    C:\JaGl8xLNG.README.txt

  • Family

    lockbit

  • Ransom Note

    ~~~ LockBit 3.0 the world's fastest ransomware since 2019~~~
    >>>> Your data are stolen and encrypted The data will be published on TOR website if you do not pay the ransom you need to transfer 1 monero to this account otherwise your files will be deleted forever:87UysM3HKs8K5MqEwXGnSBAECCUMhf6voZQBUJivYcfYCjbKB8iMexrGrAKFd1Nqqp36eusTSvfuxKiXrUWBtqZt2PtqDmp
    I am a private entrepreneur who uses other people's things. To contact me, write to me at tox:643AEA81DD7E8022CB560BD12B72BF62D93668E05659A2CB23A2F9888FDCBF77E8CB1169D117
    >>>> What guarantees that we will not deceive you? We are not a politically motivated group and we do not need anything other than your money. If you pay, we will provide you the programs for decryption and we will delete your data. Life is too short to be sad. Be not sad, money, it is only paper. If we do not give you decrypters, or we do not delete your data after payment, then nobody will pay us in the future. Therefore to us our reputation is very important. We attack the companies worldwide and there is no dissatisfied victim after payment.
    >>>> Your personal DECRYPTION ID: B7568014A48684D6D525F3F3722638C4
    >>>> Warning! Do not DELETE or MODIFY any files, it can lead to recovery problems!
    >>>> Warning! If you do not pay the ransom we will attack your company repeatedly again!

Targets

    • Target

      SecuriteInfo.com.Win64.MalwareX-gen.15593.21621.exe

    • Size

      1006KB

    • MD5

      1fc27b282f32c078dd2dfcdcc7696236

    • SHA1

      6c4cc3179cbff8bdec9c80cbbf4fced73822ba3e

    • SHA256

      7ed131e9cf7d7f87b0c7e95e121025f35f526c927e8dda59196c9022870193b1

    • SHA512

      59e176e1e88a0115caf4272e93d3781330052c4305a7ae510fbc56ef76e260a262ace1ee43d93ed09a0099c11faa7a6537f47ace03b1f0f9f9250bfb06fb9f14

    • SSDEEP

      24576:MPIt+AtP8o1BZyiCZvr3O8KsewWkprcLhlxhX6F/FhlxhX6F/k:8s518Jr3BrcNB6ZB62

    • Lockbit

      Ransomware family with multiple variants released since late 2019.

    • Lockbit family

    • Renames multiple (665) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Drops desktop.ini file(s)

    • Indicator Removal: File Deletion

      Adversaries may delete files left behind by the actions of their intrusion activity.

    • Drops file in System32 directory

    • Sets desktop wallpaper using registry

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v16

Tasks