lockbit | a80d30593de634968f48f307872cae672efa109fa4d66fd72eceb314c683399a | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a80d30593de634968f48f307872cae672efa109fa4d66fd72eceb314c683399a
Size

154KB
MD5

f6460fbefe58fc953768bf7d7189b738
SHA1

0692deefe305eda172a71da3d13110748d3f0543
SHA256

a80d30593de634968f48f307872cae672efa109fa4d66fd72eceb314c683399a
SHA512

d7295cdfbc9512bedc14f44268713754b8b12a3be4339ad2b37134462c8d4a03d49e6b7df46f63953095bd1c6f753a2abe68f804a35047f0fc73387c3896e29c
SSDEEP

3072:0Yd8mrIK9a3yy0HMMZ2Zr0Grc0zSgEJF9kVUIPJaQEuyDrR:Xd8kIgu0HMMSr0GrBSfFOiIwQEuyh

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a80d30593de634968f48f307872cae672efa109fa4d66fd72eceb314c683399a

Files

a80d30593de634968f48f307872cae672efa109fa4d66fd72eceb314c683399a
.dll windows:5 windows x86 arch:x86

930a126bcc0dea72d6f98c236559a065

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetTextMetricsW
SetTextColor
SetDCBrushColor
SelectPalette
SelectObject
CreateFontW
GetTextColor
GetTextCharset
GetPixel
GetDeviceCaps

user32

LoadMenuW
CreateWindowExW
DialogBoxParamW
EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
IsDlgButtonChecked
LoadImageW

kernel32

GetDateFormatW
SetLastError
LoadLibraryExA
GetModuleHandleA
GetLocaleInfoW
FormatMessageW
GetCommandLineW
GetCommandLineA
GetAtomNameW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE