blackmatter | LockBit30[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

LockBit30.zip
Size

883KB
MD5

eb0fc44bc167b51b4a9badfe7ab8be19
SHA1

b2137a18c6fea8b0d34fe93db10a610a8b895c42
SHA256

d2942c6c19e67220d72bfb9a30b019627b950ff0fa8669a475d5730ff5097112
SHA512

14245cccfcddbf8319d6f942e93cb739a48c700463c62f97cfa343245e84eb4b33afda4beb44088252d5fd51ed3c54d91147abac55ae5aa23b5827b6959944c7
SSDEEP

12288:jS6n00zw5jtHfpKTZaNzjsRHaMWHT+sOZOZdYKsqh4EzwkMeWgY1NmyESPB1/a2W:Xnb2ZHB2ZUjqHaMQ8+i9lgYSS5c

Score

10^/10

blackmatter

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

Blackmatter family
blackmatter

Files

LockBit30.zip
.zip
LockBit30/Build.bat
LockBit30/Build/DECRYPTION_ID.txt
LockBit30/Build/LB3.exe
.exe windows x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit30/Build/LB3Decryptor.exe
.exe windows x86

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
DialogBoxParamW
SetDlgItemInt
SetSysColors
SetTimer
SetWindowPos
SetWindowTextW
SystemParametersInfoW
EndDialog
SendMessageW
MessageBoxW
LoadIconW
KillTimer
GetDlgItem

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjects
Sleep
SetThreadPriority
SetFilePointerEx
CloseHandle
CreateFileW
CreateIoCompletionPort
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushConsoleInputBuffer
GetCommandLineW
GetConsoleWindow
GetDriveTypeW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLogicalDriveStringsW
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStdHandle
GlobalFree
HeapSetInformation
InterlockedIncrement
IsBadReadPtr
MoveFileExW
PostQueuedCompletionStatus
ReadFile
ResumeThread
SetConsoleTextAttribute
SetConsoleTitleW
SetEndOfFile
SetFileAttributesW

comctl32

InitCommonControls

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHChangeNotify
DragQueryFileW

msvcrt

wcslen
wcsrchr
_getch
_kbhit
_wcsicmp
memcpy
memmove
memset
swprintf
wcscat
wcscpy

advapi32

MD5Update
MD5Init
MD5Final
ConvertSidToStringSidW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW

ntdll

RtlDeleteCriticalSection
RtlDestroyHeap
RtlCreateHeap
RtlFreeHeap
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlReAllocateHeap
NtClose
RtlAllocateHeap
RtlAdjustPrivilege
NtTerminateThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtOpenProcess
NtDuplicateToken
RtlEnterCriticalSection

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFileExistsW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

mpr

WNetAddConnection2W
WNetGetUniversalNameW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit30/Build/LB3_ReflectiveDll_DllMain.dll
.dll windows x86

07530c85f3bf8d18d55bc566a43ea905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

CreateSolidBrush
TextOutW
SetTextColor
SetDCBrushColor
GetPixel
GetDeviceCaps
CreateFontW

user32

GetMessageW
IsDlgButtonChecked
LoadImageW
DefWindowProcW
CreateMenu
CreateWindowExW
DialogBoxParamW

kernel32

GetAtomNameW
SetLastError
GetTickCount
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLocaleInfoW
GetLastError
FreeLibrary
GetFileAttributesW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit30/Build/LB3_Rundll32.dll
.dll windows x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit30/Build/LB3_Rundll32_pass.dll
.dll windows x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit30/Build/LB3_pass.exe
.exe windows x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit30/Build/Password_dll.txt
LockBit30/Build/Password_exe.txt
LockBit30/Build/priv.key
LockBit30/Build/pub.key
LockBit30/builder.exe
.exe windows x86

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp

imagehlp

CheckSumMappedFile

ntdll

RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LockBit30/config.json
LockBit30/keygen.exe
.exe windows x86

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
free
fputc
exit
calloc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Extracted

Signatures

Files

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

comctl32

shell32

msvcrt

advapi32

ntdll

shlwapi

mpr

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 792B

07530c85f3bf8d18d55bc566a43ea905

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 23KB - Virtual size: 24KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 2KB

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 792B

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 23KB - Virtual size: 24KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 438KB - Virtual size: 438KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB