lockbit | 0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509 | Triage

Sharing

General

Target

0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509
Size

162KB
MD5

44e8c23bfb649ecf4cb753ec332899dd
SHA1

465f5b6de78ee184f1ee3400e4edaa0e85558d9e
SHA256

0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509
SHA512

81f369f044e3b403aae8789c741cbf16e167a38386ef38c49d57a3c8e568b5b75d881f92881aeb10a918ed449ab89b27d70c2809cd956883660ed0202c0caf51
SSDEEP

3072:NEWBPJgr1sgLFXdJ6Xx7OchgXC6TESq072WHI4nL2knI+eT:N71J4sgLBd0Ocz6TEBmHFnLm+eT

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509

Files

0d38f8bf831f1dbbe9a058930127171f24c3df8dae81e6aa66c430a63cbe0509
.exe windows:5 windows x86 arch:x86

a50a0d82b9120fc73965c28fea79e1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetTextColor
SetPixel
SelectObject
GetTextMetricsW

user32

EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
LoadMenuW
DialogBoxParamW
CreateWindowExW
CreateDialogParamW
GetClassNameW

kernel32

GetDateFormatW
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetCommandLineA
FormatMessageW
GetLastError

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE