Pulse name: Old Miner, New Tricks.
WHITE PetrP.73 2025-07-18 Modified: 2025-08-17
91 IOCs (high volume)
The investigation into the Lcryx ransomware by the FortiCNAPP team reveals notable overlaps with the H2Miner crypto mining botnet, suggesting a collaborative effort or adaptation by threat actors to enhance financial gain. The Lcryx ransomware, particularly its new variant Lcrypt0rx, is identified as a VBScript-based ransomware first seen in November 2024, exhibiting anomalies indicating potential AI generation. Evidence includes function duplication, erroneous persistence mechanisms, flawed encryption logic, and malformed syntax. These indicators point to poorly optimized code generation and illogical behaviors within its execution.
Indicators of Compromise (16 / 91 total)