General
Target: 2025-06-04_2a23ed686a701e63091a69dfc3fafe02_darkside_elex_lockbit
Size: 148KB
Sample: 250604-atpjbahl4z
MD5: 2a23ed686a701e63091a69dfc3fafe02
SHA1: fe84d77916e44c2981c0161c709c600691279191
SHA256: 04019c35ffd46d6ada63c4494bc47ad5e1471605f3ee78cdac994c2c4f334bb8
SHA512: 85a8b46fab0433d19b5ef4705406fddc75cd6a64336b5f1e3dcacead0de8570cb8e0b0371d5146a7cfb4e97f59c7442fffbcc46cddbb7d4a8ba8120ad4aea3d6
SSDEEP: 3072:H6glyuxE4GsUPnliByocWepNfF5hOZTdkQDhP25J:H6gDBGpvEByocWenhgpkQDhPAJ
Behavioral task
behavioral1
Sample: 2025-06-04_2a23ed686a701e63091a69dfc3fafe02_darkside_elex_lockbit.exe
Resource: win10v2004-20250502-en
Malware Config
Extracted
C:\2TltSF038.README.txt
https://getsession.org/download
https://tox.chat/download.html
Score: 10/10
- Renames multiple (7957) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Drops desktop.ini file(s)
- Indicator Removal: File Deletion
  Adversaries may delete files left behind by the actions of their intrusion activity.
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Suspicious use of NtSetInformationThreadHideFromDebugger