LLTP Locker
Tags
attack-pattern: Data Control Panel - T1218.002 Msbuild - T1127.001 Server - T1583.004 Server - T1584.004 Software - T1592.002
Show in Graph
Common Information
Type Value
UUID 97bbaf67-9b21-4d42-991c-34adaa668499
Fingerprint 7e5c0a7f0565b677
Analysis status DONE
Considered CTI value 0
Text language
Published March 21, 2017, 1 p.m.
Added to db Sept. 26, 2022, 9:32 a.m.
Last updated Nov. 17, 2024, 6:49 p.m.
Headline Шифровальщики-вымогатели The Digest "Crypto-Ransomware"
Title LLTP Locker
Detected Hints/Tags/Attributes 72/1/41
Source URLs
Redirection Url
Details Source http://id-ransomware.blogspot.com/2017/03/lltp-ransomware.html
URL Provider
Details Provider Source level domain
Details blogspot.com id-ransomware.blogspot.com
Attributes
Details Type #Events CTI Value
Details Domain 622 
en.wikipedia.org
Details Domain 54 
mail2tor.com
Details Domain 132 
blockchain.info
Details Domain 162 
localbitcoins.com
Details Domain 27 
coincafe.com
Details Domain 23 
btcdirect.eu
Details Domain 39 
cex.io
Details Domain 15 
coinmama.com
Details Domain 18 
howtobuybitcoins.info
Details Domain 4 
perfectmoney.is
Details Domain 4 
pmbitcoin.com
Details Domain 2 
moniestealer.co.nf
Details Domain 285 
microsoft.net
Details Domain 65 
imgur.com
Details File 367 
readme.txt
Details File 2 
leame.txt
Details File 133 
blockchain.inf
Details File 18 
howtobuybitcoins.inf
Details File 2 
wildlife.wmv
Details File 1 
%temp%\lltprwx86\ и извлекает в неё файл encp.exe
Details File 96 
rar.exe
Details File 2 
encp.exe
Details File 5 
c:\\windows\\system32\\wbem\\wmic.exe
Details File 3 
ransomnote.exe
Details File 2 
vdrevyh.jpg
Details File 1 
lltp.exe
Details File 14 
bg.jpg
Details File 30 
doc.exe
Details File 3 
exe.tmp
Details File 3 
%userprofile%\desktop\readme.txt
Details File 2 
%userprofile%\desktop\leame.txt
Details File 2 
%userprofile%\bg.jpg
Details File 2 
%userprofile%\appdata\local\temp\lltprwx86\encp.exe
Details File 29 
5.exe
Details File 9 
gen.php
Details Url 23 
https://en.wikipedia.org/wiki/rsa_
Details Url 22 
https://blockchain.info
Details Url 4 
https://perfectmoney.is
Details Url 4 
https://pmbitcoin.com/btc
Details Windows Registry Key 2 
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LLTP
Details Windows Registry Key 37 
HKCU\Control