legionlocker | 9e3e436d4345c5b6f20bc060d766a7ee0c3ea8c4aebee80d0cfe3481515961a1

General

Target

9e3e436d4345c5b6f20bc060d766a7ee0c3ea8c4aebee80d0cfe3481515961a1
Size

3.2MB
MD5

faeaf4e3d7440fba8482c97cf510baa7
SHA1

6f69dc27f9c3f6fa6d3134cceddaab9d2888bf91
SHA256

9e3e436d4345c5b6f20bc060d766a7ee0c3ea8c4aebee80d0cfe3481515961a1
SHA512

7433a18a2b5b75b8faa8aed88c07bc264b034de048b6aa7063b33758d97e74477226b378905979c2cbaad552cff5df5a9fc136a417e53b2694356b003e700411
SSDEEP

98304:YdCLls4QRa0lgBYPjZc0MycNidipvd6b9MOOH+8CK21lIG1:rsN+0H0idip16JDOiV1

Score

10^/10

Detected LegionLocker ransomware 1 IoCs

Sample contains strings associated with the LegionLocker family.

Processes:

resource	yara_rule
static1/unpack001/LegionLocker.bin	family_legionlocker

9e3e436d4345c5b6f20bc060d766a7ee0c3ea8c4aebee80d0cfe3481515961a1
.zip

Password: infected
LegionLocker.bin
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ