SYMBOLCOMMON_NAMEaka. SYNONYMS
win.dragonforce (Back to overview)

DragonForce

According to Idan Malihi, this ransomware is based on the LockBit builder from 2022, utilizing similar configurations and attack methods. The ransomware’s icon and wallpaper are embedded in the binary’s overlay, compressed with Zlib, and loaded dynamically during execution.

References
2025-03-11Idan MalihiIdan Malihi, Yaniv Azran
DragonForce Ransomware: Unveiling Its Tactics and Impact
DragonForce

There is no Yara-Signature yet.