
NotLockBit: A Deep Dive Into the New Ransomware Threat

Published 19/12/2024 12:57 · Modified 19/12/2024 13:39


Essential information

Tags
2024-12-19 aws-abuse cross-platform data exfiltration encryption golang notlockbit ransomware self-deletion
Related entities
5 observables, 1 intrusion sets (apt), 1 malware

Description

NotLockBit is an emerging ransomware family that mimics LockBit's behavior while targeting both macOS and Windows systems. Distributed as an x86_64 binary, it showcases advanced capabilities including targeted file encryption, data exfiltration, and self-deletion mechanisms. The malware gathers system information, generates and encrypts a master key, and writes collected data to text files. It utilizes AWS credentials for data exfiltration, encrypts specific file types while avoiding certain directories, and employs AES encryption. NotLockBit alters the desktop wallpaper and performs self-deletion after execution. The analysis reveals variations in obfuscation and compilation techniques across samples, highlighting its sophistication and evolving nature in the ransomware landscape.

External references