legionlocker | LegionLocker[.]exe | Triage

Sharing

General

Target

LegionLocker.exe
Size

6.6MB
MD5

9a72a508fcee3de957167a386f173c44
SHA1

55650582fc704d27cd7d95f971b0ddd13dcd9eaf
SHA256

22b1a6c34e47c23083fc1d2e3d01bc9dbd3fd4429e13aad6797ad41313447708
SHA512

fb8073e5d0c14dbe1780bed15b6a492c0db386acb56b834f56eae9d76cf9872dd95396fd8d6d06048864227fcc90f8cae9d7853169536835a183ea2099994262
SSDEEP

98304:YCyQNM7Xbqx2fzKx3W8mmCyQNM7Xbqx2fzKx3W8mF:YtSMfqx2fmx3WZmtSMfqx2fmx3WZF

Score

10^/10

themida ransomware legionlocker

Malware Config

Signatures

Detected LegionLocker ransomware 1 IoCs
Sample contains strings associated with the LegionLocker family.
ransomware

Processes:

resource yara_rule

sample family_legionlocker
Legionlocker family
legionlocker
Themida packer 1 IoCs
Detects Themida, an advanced Windows software protection system.
themida

Processes:

resource yara_rule

sample themida

Files

LegionLocker.exe
.exe windows x86

Code Sign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

Size: 21KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Size: 7KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Size: 15B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.imports
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.themida
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.boot
Size: 3.2MB - Virtual size: 3.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.taggant
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ