LockBit Ransomware Analysis Notes
Common Information
Type Value
UUID 2885c357-d479-4a3a-a24d-480dc952683b
Fingerprint a43a517065698612
Analysis status DONE
Considered CTI value 2
Text language
Published Aug. 17, 2021, 9:41 p.m.
Added to db Sept. 26, 2022, 9:34 a.m.
Last updated Nov. 17, 2024, 6:55 p.m.
Headline LockBit Ransomware Analysis Notes
Title LockBit Ransomware Analysis Notes
Detected Hints/Tags/Attributes 93/2/27
Attributes
Type                  #Events  CTI Value
Domain                179      www.torproject.org
Domain                9        lockbitks2tvnmwk.onion
Domain                9        bridges.torproject.org
Domain                9        tb-manual.torproject.org
File                  4        lockbit.exe
File                  1        anghami.exe
File                  172      dllhost.exe
File                  52       bcrypt.dll
File                  1260     explorer.exe
File                  10       simply.sys
File                  351      recycle.bin
File                  100      ntuser.dat.log
File                  2        bootsec.bak
File                  243      autorun.inf
File                  143      thumbs.db
File                  1        iconcahce.db
File                  38       restore-my-files.txt
md5                   1        5761ee98b1c2fea31b5408516a8929ea
sha1                  1        4d043df23e55088bfc04c14dfb9ddb329a703cc1
sha256                6        0a937d4fe8aa6cb947b95841c490d73e452a3cafcd92645afc353006786aba76
IPv4                  198      1.1.1.1
Url                   63       https://www.torproject.org
Url                   5        http://lockbitks2tvnmwk.onion/?
Url                   7        https://bridges.torproject.org
Url                   7        https://tb-manual.torproject.org/about
Windows Registry Key  3        HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\XO1XADpO01
Windows Registry Key  2        HKCU\SOFTWARE\Microsoft\Windows\CurrentVaersion\Run\XO1XADpO01