UNKNOWN
Tags
| attack-pattern: | Data Rundll32 - T1218.011 Tool - T1588.002 Rundll32 - T1085 |
Common Information
| Type | Value |
|---|---|
| UUID | d8a87873-bbb3-4a08-95dc-0021f0c96cea |
| Fingerprint | 77de9f1810af5617 |
| Analysis status | DONE |
| Considered CTI value | 2 |
| Text language | |
| Published | Nov. 30, 2022, midnight |
| Added to db | Jan. 16, 2023, 3:50 p.m. |
| Last updated | Oct. 18, 2024, 5:04 p.m. |
| Headline | UNKNOWN |
| Title | UNKNOWN |
| Detected Hints/Tags/Attributes | 18/1/58 |
Source URLs
URL Provider
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 7 | www.opswat.com |
|
| Details | Domain | 2 | sophos-removal-tool-master.zip |
|
| Details | Domain | 2 | sophoscentralremoval-master.zip |
|
| Details | File | 1 | c:\logs\lbb_rundll32_pass.dll |
|
| Details | File | 1 | c:\users\\downloads\netscan\netscan.exe |
|
| Details | File | 1 | c:\users\\desktop\avremover_nt64_enu.exe |
|
| Details | File | 1 | c:\users\\desktop\backstab64.exe |
|
| Details | File | 1 | c:\users\\downloads\lbb_pass.exe |
|
| Details | File | 1 | ardrv.sys |
|
| Details | File | 1 | c:\users\\downloads\netscan\sd.exe |
|
| Details | File | 1 | c:\logs\lbb_ps1_obfuscated.ps1 |
|
| Details | File | 1 | c:\logs\lbb_ps1_pass.ps1 |
|
| Details | File | 1 | c:\logs\lbb_pass.exe |
|
| Details | File | 1 | c:\logs\avremover_nt64_enu.exe |
|
| Details | File | 1 | c:\logs\backstab_x64.exe |
|
| Details | File | 1 | c:\logs\backstab_x86.exe |
|
| Details | File | 1 | c:\logs\gmer3.exe |
|
| Details | File | 1 | c:\logs\gmer2.exe |
|
| Details | File | 1 | c:\logs\backstab64.exe |
|
| Details | File | 1 | c:\logs\gomer.exe |
|
| Details | File | 1 | c:\desktopcentral\lbb___.zip |
|
| Details | File | 1 | c:\desktopcentral\psp.ps1 |
|
| Details | File | 1 | c:\desktopcentral\ps.ps1 |
|
| Details | File | 1 | c:\users\\downloads\gmer.exe |
|
| Details | File | 1 | c:\users\\downloads\sophos-removal-tool-master.zip |
|
| Details | File | 1 | c:\users\\downloads\sophoscentralremoval-master.zip |
|
| Details | File | 1 | c:\users\\downloads\uninstallscript.ps1 |
|
| Details | File | 1 | c:\users\\downloads\netscan\zam.bat |
|
| Details | File | 1 | c:\users\\downloads\netscan\uninstallsophos.bat |
|
| Details | File | 1 | c:\users\\downloads\netscan\turnoff.bat |
|
| Details | sha256 | 1 | 0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509 |
|
| Details | sha256 | 1 | 168ab5ce440d53ca7397cf3da86d68a67264c6bb0e3f6c8f2066132d6d129bdd |
|
| Details | sha256 | 3 | 18f0898d595ec054d13b02915fb7d3636f65b8e53c0c66b3c7ee3b6fc37d3566 |
|
| Details | sha256 | 1 | 2308cef810b30ccb5be11fc664ce51b41bb6cee703f09d0a348771cf11f4dc9e |
|
| Details | sha256 | 1 | 307eb30c7d3640ca11f564b1dbbb7a133236c3c9b45192ddcb317477a9f54b59 |
|
| Details | sha256 | 1 | 33987ca88cf48f7f9cfd46610f2c46e104f7c13f0285b5c6c2dca2c6290d9df5 |
|
| Details | sha256 | 1 | 35f971f9f84af8f4a42c97d6258c251e213f99741c1cfadfabbd5f1204e5658e |
|
| Details | sha256 | 1 | 372d6d866798495d12b0ce745038fa2da575f22c30b061b948804cfdd8d11224 |
|
| Details | sha256 | 1 | 391a97a2fe6beb675fe350eb3ca0bc3a995fda43d02a7a6046cd48f042052de5 |
|
| Details | sha256 | 1 | 39c363d01fb5cd0ed3eeb17ca47be0280d93a07dda9bc0236a0f11b20ed95b4c |
|
| Details | sha256 | 1 | 4f61f20fa1edfd0ce1de2ca8110c725c9d9c16a9680748c12042a3302054fc72 |
|
| Details | sha256 | 1 | 5043e94612cc5111c07f30968e7bc78e96e277f55262064207a9cd87bc23a343 |
|
| Details | sha256 | 3 | 506f3b12853375a1fbbf85c82ddf13341cf941c5acd4a39a51d6addf145a7a51 |
|
| Details | sha256 | 1 | 7d58338f7e5b4b77459835a2e057a07f81f72991a0e282d079fd5e227f68b5de |
|
| Details | sha256 | 4 | 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce |
|
| Details | sha256 | 2 | 8834c84cfd7e086f74a2ffa5b14ced2c039d78feda4bad610aba1c6bb4a6ce7f |
|
| Details | sha256 | 1 | 90235e199dcb2cd6fa2e68fbfc46f1aa649f2438210fd833b8e7e748b6428ba4 |
|
| Details | sha256 | 1 | 986a88c4053d398624c7736a5f60d2561760b7a532677fc251c8c3dac8f3f60e |
|
| Details | sha256 | 1 | 9a34909703d679b590d316eb403e12e26f73c8e479812f1d346dcba47b44bc6e |
|
| Details | sha256 | 5 | a56b41a6023f828cccaaef470874571d169fdb8f683a75edd430fbd31a2c3f6e |
|
| Details | sha256 | 1 | c6861032317562532c21e373b88efacdc1307c8a3efce8c8992584171157ebed |
|
| Details | sha256 | 1 | c6cf5fd8f71abaf5645b8423f404183b3dea180b69080f53b9678500bab6f0de |
|
| Details | sha256 | 5 | d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee |
|
| Details | sha256 | 12 | e8a3e804a96c716a3e9b69195db6ffb0d33e2433af871e4d4e1eab3097237173 |
|
| Details | sha256 | 1 | f4ab473dcb45beb8cb01ad616422c05a45134c6b028f310f06543e2c33584cef |
|
| Details | sha256 | 1 | fd98e75b65d992e0ccc64e512e4e3e78cb2e08ed28de755c2b192e0b7652c80a |
|
| Details | Url | 1 | https://news.sophos.com/en-us/2022/11/30/lockbit-3-0-black-attacks-and-leaks-reveal-wormable-capabilities-and-tooling |
|
| Details | Url | 1 | https://www.opswat.com/products/oesis-framework |