General
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.22561.9089.exe
-
Size
996KB
-
Sample
250422-kfd6jatpy6
-
MD5
7a84f2668e2be8670c8f9bc4cbe053bb
-
SHA1
0643693ca7e813538fde9f99fb9a190d093f662d
-
SHA256
9a007e70a934bc617f93d4c2ea08f2b7c6238562529bc90d89c990bd7d2983c4
-
SHA512
a298ab87c98cf7d151bfdd43a7194ae44d5c648fc21f8c21941e8ca6097defe2f10bfc918710b10cdb696531d14fb882cf42540651e79473568d037c70c35774
-
SSDEEP
24576:iVoX38bcWaK10TflaolhlxhX6F/FhlxhX6F/k:iKXMoWV1qao/B6ZB62
Static task
static1
Behavioral task
behavioral1
Sample
SecuriteInfo.com.Win64.MalwareX-gen.22561.9089.exe
Resource
win10v2004-20250410-en
Behavioral task
behavioral2
Sample
SecuriteInfo.com.Win64.MalwareX-gen.22561.9089.exe
Resource
win11-20250410-en
Malware Config
Extracted
C:\JaGl8xLNG.README.txt
lockbit
Targets
-
-
Target
SecuriteInfo.com.Win64.MalwareX-gen.22561.9089.exe
-
Score
10/10
-
Lockbit family
-
Renames multiple (637) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Drops file in System32 directory
-
Sets desktop wallpaper using registry
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
Suspicious use of SetThreadContext
-