Resubmissions
06/06/2025, 14:39   250606-r1hssabj4x   10
06/06/2025, 05:05   250606-fqv5kswxaw   10
06/06/2025, 04:54   250606-fjmvmawwe1   10
05/06/2025, 17:23   250605-vyd9csfj4z   10
05/06/2025, 15:18   250605-spt74sen5t   10
05/06/2025, 15:06   250605-sg43cazmv9   10
05/06/2025, 15:02   250605-seepnsyyet   10
02/06/2025, 10:32   250602-mkxjsayzbv   10

General
Target: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit
Size: 148KB
Sample: 250602-mkxjsayzbv
MD5: cb6845218d57d663976bf1fa2a4d6ddb
SHA1: 0635c1f6cece23efe1df63de9cb72715c123cbaa
SHA256: 7855bee142c5abc5a3aa7f58a6a43cfb85df05d94fbb3a07bfe83cb73cf81281
SHA512: f0eff1a4c9a338ef2dece334d19fc9ef6ab421722e901ff0200de74e6df55594bca3abc43cebd0753fee47f71143e45097e74472b6e2b8b17e2bb28525ff5ea0
SSDEEP: 3072:46glyuxE4GsUPnliByocWepVfB4vN2H7/yXHKR9W4cn:46gDBGpvEByocWe3fB2NO7gP4

Behavioral task: behavioral1
Sample: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe
Resource: win10v2004-20250502-en

Behavioral task: behavioral2
Sample: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe
Resource: win11-20250502-en
Malware Config
Extracted
C:\g0Bwcr1Ri.README.txt
https://qtox.github.io/
Targets
Score: 10/10

Renames multiple (643) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.

Deletes itself

Executes dropped EXE

Drops desktop.ini file(s)

Indicator Removal: File Deletion
Adversaries may delete files left behind by the actions of their intrusion activity.

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger