New LLTP Ransomware Appears to be a Rewritten Venus Locker
Tags
| country: | Spain |
| attack-pattern: | Control Panel - T1218.002 Msbuild - T1127.001 Server - T1583.004 Server - T1584.004 Software - T1592.002 |
Common Information
| Type | Value |
|---|---|
| UUID | bcd908b5-a751-48e4-a6fb-a936aa668d39 |
| Fingerprint | 1752b25b3567b6d5 |
| Analysis status | DONE |
| Considered CTI value | 0 |
| Text language | |
| Published | March 21, 2017, midnight |
| Added to db | Sept. 26, 2022, 9:32 a.m. |
| Last updated | Nov. 17, 2024, 5:57 p.m. |
| Headline | New LLTP Ransomware Appears to be a Rewritten Venus Locker |
| Title | New LLTP Ransomware Appears to be a Rewritten Venus Locker |
| Detected Hints/Tags/Attributes | 83/2/39 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 2 | moniestealer.co.nf |
|
| Details | Domain | 285 | microsoft.net |
|
| Details | Domain | 65 | imgur.com |
|
| Details | Domain | 54 | mail2tor.com |
|
| Details | Domain | 622 | en.wikipedia.org |
|
| Details | Domain | 132 | blockchain.info |
|
| Details | Domain | 162 | localbitcoins.com |
|
| Details | Domain | 27 | coincafe.com |
|
| Details | Domain | 23 | btcdirect.eu |
|
| Details | Domain | 39 | cex.io |
|
| Details | Domain | 15 | coinmama.com |
|
| Details | Domain | 18 | howtobuybitcoins.info |
|
| Details | Domain | 4 | perfectmoney.is |
|
| Details | Domain | 4 | pmbitcoin.com |
|
| Details | File | 2 | wildlife.wmv |
|
| Details | File | 1 | %temp%\lltprwx86\ and extract into it a file called encp.exe |
|
| Details | File | 96 | rar.exe |
|
| Details | File | 2 | encp.exe |
|
| Details | File | 5 | c:\\windows\\system32\\wbem\\wmic.exe |
|
| Details | File | 3 | ransomnote.exe |
|
| Details | File | 2 | leame.txt |
|
| Details | File | 2 | vdrevyh.jpg |
|
| Details | File | 2 | %userprofile%\appdata\local\temp\lltprwx86\encp.exe |
|
| Details | File | 2 | %userprofile%\desktop\leame.txt |
|
| Details | File | 2 | %userprofile%\bg.jpg |
|
| Details | File | 29 | 5.exe |
|
| Details | File | 9 | gen.php |
|
| Details | File | 133 | blockchain.inf |
|
| Details | File | 18 | howtobuybitcoins.inf |
|
| Details | sha256 | 1 | a3b2ad5dc747c533871c691a1f78631063b08549e213e7abbac5e961588d10ea |
|
| Details | sha256 | 1 | 46f8dc86d571a6bda00faade21b719ec82c5a1dda3b0fc54bb053a5004557e2d |
|
| Details | Url | 1 | http://moniestealer.co.nf |
|
| Details | Url | 1 | http://i.imgur.com/vdrevyh.jpg |
|
| Details | Url | 23 | https://en.wikipedia.org/wiki/rsa_ |
|
| Details | Url | 22 | https://blockchain.info |
|
| Details | Url | 4 | https://perfectmoney.is |
|
| Details | Url | 4 | https://pmbitcoin.com/btc |
|
| Details | Windows Registry Key | 2 | HKCU\Software\Microsoft\Windows\CurrentVersion\Run\LLTP |
|
| Details | Windows Registry Key | 37 | HKCU\Control |