lockbit | 339dafb1b876d451d5da0259e1e88de10d2199424471f40747e580d6534d017a | Triage

Submit
Reports

Overview

overview

Static

static

2024-06-03...de.exe

windows7-x64

9

2024-06-03...de.exe

windows10-2004-x64

9

Sharing

General

Target

2024-06-03_4ef095e37b47d14c577e27bc72dddbcb_darkside
Size

147KB
Sample

240603-be148sde8x
MD5

4ef095e37b47d14c577e27bc72dddbcb
SHA1

eefb904a1806137849756aab0e9789c9c9231281
SHA256

339dafb1b876d451d5da0259e1e88de10d2199424471f40747e580d6534d017a
SHA512

ee41879e910739a15cc0f520b19c0362714368bedd2ee9940b8a561aff676c864d5f1699f6f227e8fc7730469e54b9dded16095eeab88dc9bcbe739f95d9eedb
SSDEEP

1536:DzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDSQve0jUgQVUQUmOk3GbN07XEUk:cqJogYkcSNm9V7DE/JNUmOWGzT

Score

10^/10

lockbit ransomware

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

2024-06-03_4ef095e37b47d14c577e27bc72dddbcb_darkside.exe

Resource

win7-20240508-en

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

2024-06-03_4ef095e37b47d14c577e27bc72dddbcb_darkside.exe

Resource

win10v2004-20240508-en

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Targets

- Target
  
  2024-06-03_4ef095e37b47d14c577e27bc72dddbcb_darkside
- Size
  
  147KB
- MD5
  
  4ef095e37b47d14c577e27bc72dddbcb
- SHA1
  
  eefb904a1806137849756aab0e9789c9c9231281
- SHA256
  
  339dafb1b876d451d5da0259e1e88de10d2199424471f40747e580d6534d017a
- SHA512
  
  ee41879e910739a15cc0f520b19c0362714368bedd2ee9940b8a561aff676c864d5f1699f6f227e8fc7730469e54b9dded16095eeab88dc9bcbe739f95d9eedb
- SSDEEP
  
  1536:DzICS4AAwczUUf8y8gvMH+1zGSNAojMP95D1xDSQve0jUgQVUQUmOk3GbN07XEUk:cqJogYkcSNm9V7DE/JNUmOWGzT
Score

9^/10

ransomware
- Renames multiple (155) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Drops desktop.ini file(s)
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

© 2018-2024

Terms | Privacy