lockbit | 80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce[.]zip

General

Target

80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.zip
Size

160KB
MD5

f9e769e524ba890fd09a9e2fe228ce5c
SHA1

211fec8616bbed2aa981555d4a5c3b983c5dccbd
SHA256

ec09f775116af6539f359dfa49667074a6e610598c9f2f62a151dbb91aa70a92
SHA512

172074fd88eed075f4ff5bcc5901d3efa67e28b6882d244189d34a224ba112b6af499e472127e4992c32461afc98781f281965185772d734f1677faff32dc8ed
SSDEEP

3072:7/NjUj5BHtIihu9Pg7AY2KzItz1jQXrPtDv948n5lA5E1EIkQiDBK2NrbJLwVjeg:7YiY0Ywz1Q9v9lvA5E1alBb+IVK

Score

10^/10

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.exe	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.exe

80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.zip
.zip

Password: infected
80e8defa5377018b093b5b90de0f2957f7062144c83a09a56bba1fe4eda932ce.exe
.exe windows x86

Password: infected

a50a0d82b9120fc73965c28fea79e1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetTextColor
SetPixel
SelectObject
GetTextMetricsW

user32

EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
LoadMenuW
DialogBoxParamW
CreateWindowExW
CreateDialogParamW
GetClassNameW

kernel32

GetDateFormatW
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetCommandLineA
FormatMessageW
GetLastError

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE