lockbit | 10446312133[.]zip

Resubmissions

17/05/2023, 13:36

230517-qwl4zafc27 10

17/05/2023, 13:19

230517-qkva7seb8y 10

Sharing

Copy URL Twitter E-mail

General

Target

10446312133.zip
Size

139KB
MD5

ac6526600201a380840072faedf75922
SHA1

2462558d7e8233d9bbede697b925e1b6043f9e0c
SHA256

f6596d598e5a84aa45c23c64c692d147119510d729c68c3296aaac5c081272b3
SHA512

604c2e039c9bc43fcf0632944ec950c61f30afaa7c09f2c4e68456388fdaa2d0e3db942b3723aaaa42e6580d076446f216ab7223ea51a7dbe98afeb2aa0b7533
SSDEEP

3072:hlWTjYEs8V4O0qN+VejTgjF30Q1qaJbPv6Gx3RWa5zzXce:4XuFf+l/a5v6GhRpzz3

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/a5bd8269754d128fb6089ed3997201f9033ba11e9943c187e116bf4919d1f98e	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/a5bd8269754d128fb6089ed3997201f9033ba11e9943c187e116bf4919d1f98e

Files

10446312133.zip
.zip

Password: infected
a5bd8269754d128fb6089ed3997201f9033ba11e9943c187e116bf4919d1f98e
.dll windows x86

Password: infected

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Resubmissions

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 3KB - Virtual size: 2KB