General
Target: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit
Size: 148KB
Sample: 250602-mmfn2syr13
MD5: cb6845218d57d663976bf1fa2a4d6ddb
SHA1: 0635c1f6cece23efe1df63de9cb72715c123cbaa
SHA256: 7855bee142c5abc5a3aa7f58a6a43cfb85df05d94fbb3a07bfe83cb73cf81281
SHA512: f0eff1a4c9a338ef2dece334d19fc9ef6ab421722e901ff0200de74e6df55594bca3abc43cebd0753fee47f71143e45097e74472b6e2b8b17e2bb28525ff5ea0
SSDEEP: 3072:46glyuxE4GsUPnliByocWepVfB4vN2H7/yXHKR9W4cn:46gDBGpvEByocWe3fB2NO7gP4
Behavioral task: behavioral1
Sample: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe
Resource: win10v2004-20250502-en

Behavioral task: behavioral2
Sample: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit.exe
Resource: win11-20250502-en
Malware Config
Extracted: C:\g0Bwcr1Ri.README.txt
  https://qtox.github.io/
Targets
Target: 2025-06-02_cb6845218d57d663976bf1fa2a4d6ddb_darkside_elex_lockbit (148KB; hashes as listed under General)
Score: 10/10
- Renames multiple (642) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger