lockbit | d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee[.]zip

General

Target

d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.zip
Size

102KB
MD5

e428f7cb7b5125868658509e48731846
SHA1

a7850bf78c94900749cea54067164df9f447b5ca
SHA256

b1628f275c26ab687e070739dc5c8a01538139b604fbeaa428dfd486e41feb0f
SHA512

6d6681132ec1bf84b1641868206a0420e6348dce61df20831ee4c6626089dad2c0f0d594a2f69399f4368ce6546d4f7f70b0788d2dc12a3ab7890e3d0595b8c0
SSDEEP

3072:wQi3HEQcizfQ3bmuLUmAnmIErR2elkhqPKyI26m:wQitcy/AQQk4khz26m

Score

10^/10

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe

d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.zip
.zip

Password: infected
d61af007f6c792b8fb6c677143b7d0e2533394e28c50737588e40da475c040ee.exe
.exe windows x86

Password: infected

a50a0d82b9120fc73965c28fea79e1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetTextColor
SetPixel
SelectObject
GetTextMetricsW

user32

EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
LoadMenuW
DialogBoxParamW
CreateWindowExW
CreateDialogParamW
GetClassNameW

kernel32

GetDateFormatW
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetCommandLineA
FormatMessageW
GetLastError

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE