lockbit | Malware[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Malware.zip
Size

18.3MB
MD5

69d7da66b26f3fadf4b24c25afa3aa1d
SHA1

21935ccf77a975f7360346653ea099ab2bc94b55
SHA256

17d66d41a4d7d4433cd5e66893b96c1069fb1c6f45ae6eaeca444aac18406c6f
SHA512

9245ed4dd38a55979c4d08f76b96334ba643bee83ee6991b8c6a2784e36aadae7e19f9da857e1fd2e98a2c322d5026787bdb52656d843e17c31a8f5650a52444
SSDEEP

393216:fmrqlIj+DIKMKv01qpMd8cwAUzy3wFFXjs/3c4WKgs1D3q64jVFX:fYe81qpU6zF9KMdsJcVF

Score

10^/10

ransomware lockbit royal_unix

Malware Config

Signatures

Detects Royal Ransomware payload 1 IoCs

ransomware

resource	yara_rule
static1/unpack004/06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.elf	royal_unix

Lockbit family
lockbit
Royal_unix family
royal_unix

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack002/02e614c8577ef1d9dc490fd3bda46612d0da56ec1a832caba890041025b1a2f7	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/02e614c8577ef1d9dc490fd3bda46612d0da56ec1a832caba890041025b1a2f7

Files

Malware.zip
.zip

Password: infected
02e614c8577ef1d9dc490fd3bda46612d0da56ec1a832caba890041025b1a2f7.7z
.7z

Password: infected
02e614c8577ef1d9dc490fd3bda46612d0da56ec1a832caba890041025b1a2f7
.exe windows x86

Password: infected

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.zip
.zip

Password: infected
06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725.elf
.elf linux x64
0d048a01f43f307b5725ff17cf57c367981a1b7a81ee5066f2d74287e09acfa7.zip
.zip

Password: infected
0d048a01f43f307b5725ff17cf57c367981a1b7a81ee5066f2d74287e09acfa7.unknown
.sh linux
10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459.zip
.zip

Password: infected
10c3b6b03a9bf105d264a8e7f30dcab0a6c59a414529b0af0a6bd9f1d2984459.sh
.sh linux
11ee64adb9d89b5edc898664c719486d0e7382ea9ac46f0c5213b5cd892161fa.zip
.zip

Password: infected
11ee64adb9d89b5edc898664c719486d0e7382ea9ac46f0c5213b5cd892161fa.unknown
.sh linux
1258cbaeb5b858b8dc309a74a591c1cec05a47910c6e4e104eee3064cb3b605c.zip
.zip

Password: infected
1258cbaeb5b858b8dc309a74a591c1cec05a47910c6e4e104eee3064cb3b605c.bat
1c2b09417c1a34bbbcb8366c2c184cf31353acda0180c92f99828554abf65823.zip
.zip

Password: infected
1c2b09417c1a34bbbcb8366c2c184cf31353acda0180c92f99828554abf65823.sh
.sh linux
1d528ccd50a44c0dd679854d6c464b8a17940ab2194fb2c6aa8420e5fd85faa3.zip
.zip
3bab64440c6afc81dbd2c956070ad1196e7b19d5a10ff0615fd9ec06df29a775.zip
.zip
3c392225a76bfde1e5939a05258758d3e93948a961076b977b888921ff19ac15.zip
.zip
597537addd7325e32b5da06c67f925daeeb8ed57e9bf46a9037781d636dac909.zip
.zip
5cddcbbfc70ad65ea677e5ce00ff0f69d5b16ff0e3ef656a5c8a58818a7878e5.zip
.zip
7a15e51e5dc6a9bfe0104f731e7def854abca5154317198dad73f32e1aead740.zip
.zip
7c935dcd672c4854495f41008120288e8e1c144089f1f06a23bd0a0f52a544b1.zip
.zip
8ea33c34647578b79dd8bb7dcf01a8ad1c79e7ada3fd61aca397ed0a2ac57276.zip
.zip
9397b2dc1b47fbc3c49feec22d1b882fcbe5387ca5827341757847e49551327d.zip
.zip
9fa18f686a4f8fbe4d622fa8b0954a0dcf746b8f4fcf9e258ae2c738f4e5a403.zip
.zip
a497aca3c4321e9ed7b437aca33b823a5905b1a6dcc0e52da8f5a5ad38ef48d7.zip
.zip
ac7f7a967077c45264894490ae08626870a514c04d527a974f17210e4046bb8c.zip
.zip
b0ff6f9f0816f44f9a3d04df719dc36f4335997c00ddeceff74cbfcbd1d4868b.zip
.zip
b95ca80c4c5d7c220d678a08d0e7fb2f3bcbbf6464c95878666ae8f4c4ab2826.zip
.zip
bcdf0bd8142a4828c61e775686c9892d89893ed0f5093bdc70bde3e48d04ab99.zip
.zip
c16fc61415f537f42b9d813cd9538898f53865e1f5b46f25db2ab26bad2dffd2.zip
.zip
d08bf78eac265713f13345db7b0f598861c8f314af56fbd15b1474cae6d05935.zip
.zip
e65f4a1e7e6bc124bffa86548818460a0c3804243fa10ae06f9bcd9b7cbf874c.zip
.zip
f864922f947a6bb7d894245b53795b54b9378c0f7633c521240488e86f60c2c5.zip
.zip

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 3KB - Virtual size: 3KB

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

Password: infected

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 3KB - Virtual size: 3KB