lockbit | LockBit3[.]0 builder [.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

LockBit3.0 builder .rar
Size

158KB
MD5

438e994e567237cd837c7d1ab4cca381
SHA1

6d43e78e66f703a212a33a7fea46191267679fd3
SHA256

f7d05c0e9430ba0621020caad12fa1e8e62acb3bda349cd03240c1938ce7a887
SHA512

cae464209b30e92bb9ed78d5ddc6fe08a1b2aa89e8d70fa0e57a67dadf4c177e88d888ee3fc06351ad4abe54af749e3ae10671dd4953a6e896f1f7c26aaf5524
SSDEEP

3072:slWtN53dw/7+YMflx6m43+T0yw095ZtYxnBLF7rjT+154SIHg2afvX3Y6ZM:sG7tA+YQln43+T0gfivLF/jiXfv4N

Score

10^/10

lockbit blackmatter

Malware Config

Extracted

Family

blackmatter

Version

25.239

Signatures

Blackmatter family
blackmatter
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/LockBit3.0 builder /builder.exe	family_lockbit

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LockBit3.0 builder /builder.exe
unpack001/LockBit3.0 builder /keygen.exe

Files

LockBit3.0 builder .rar
.rar

Password: WARLOCK_DARK_ARMY_OFFICIALS
LockBit3.0 builder /Build.bat
LockBit3.0 builder /builder.exe
.exe windows:5 windows x86 arch:x86

Password: WARLOCK_DARK_ARMY_OFFICIALS

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp

imagehlp

CheckSumMappedFile

ntdll

RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LockBit3.0 builder /config.json
LockBit3.0 builder /keygen.exe
.exe windows:5 windows x86 arch:x86

Password: WARLOCK_DARK_ARMY_OFFICIALS

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
free
fputc
exit
calloc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit3.0 builder /readme.txt

Sharing

General

Malware Config

Extracted

Signatures

Files

Password: WARLOCK_DARK_ARMY_OFFICIALS

Password: WARLOCK_DARK_ARMY_OFFICIALS

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

msvcrt

imagehlp

ntdll

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 8KB - Virtual size: 7KB

.rsrc Size: 438KB - Virtual size: 438KB

Password: WARLOCK_DARK_ARMY_OFFICIALS

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

shell32

msvcrt

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 2KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 438KB - Virtual size: 438KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB