General
-
Target
https://bazaar.abuse.ch/sample/6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417/
-
Sample
250422-vn4fhawlv7
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://bazaar.abuse.ch/sample/6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417/
Resource
win10ltsc2021-20250410-en
Malware Config
Extracted
C:\flzQgniJJ.README.txt
braincipher
http://mybmtbgd7aprdnw2ekxht5qap5daam2wch25coqerrq2zdioanob34ad.onion
Targets
-
-
Target
https://bazaar.abuse.ch/sample/6e07da23603fbe5b26755df5b8fec19cadf1f7001b1558ea4f12e20271263417/
-
Brain Cipher
Ransomware family based on Lockbit that was first observed in June 2024.
-
Braincipher family
-
Lockbit family
-
Rule to detect Lockbit 3.0 ransomware Windows payload
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Drops desktop.ini file(s)
-
Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-
MITRE ATT&CK Enterprise v16
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1