The investigation into the Lcryx ransomware by the FortiCNAPP team reveals notable overlaps with the H2Miner crypto mining botnet, suggesting a collaborative effort or adaptation by threat actors to enhance financial gain. The Lcryx ransomware, particularly its new variant Lcrypt0rx, is identified as a VBScript-based ransomware first seen in November 2024, exhibiting anomalies indicating potential AI generation. Evidence includes function duplication, erroneous persistence mechanisms, flawed encryption logic, and malformed syntax. These indicators point to poorly optimized code generation and illogical behaviors within its execution.
Indicators of Compromise (91)