lockbit | b164588994cade362f326b1bba74af3f0c0a9662adab0bcec720fc659643d540 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b164588994cade362f326b1bba74af3f0c0a9662adab0bcec720fc659643d540
Size

142KB
MD5

57153ef452cd765a7da26bbbb91f792d
SHA1

1f7dd2dfc6d49c1c11d86916a4a5a0c9c7cbb875
SHA256

b164588994cade362f326b1bba74af3f0c0a9662adab0bcec720fc659643d540
SHA512

40f65faa7e2821a09cdd5d07a15d69a63f23b74ddc6c02d90470c3f28f0c2d733e0c97f54546ed4d75d0fd3b984cc16a7fc73855c615585fdd71347889d4d16a
SSDEEP

3072:tlhc+cS9p9UGjJHJey+y3eNtMbAf+7XTUgfoSeDJ+e4qFFus:P6wysJpiy3eNuUf+7wgASeD8Dq/us

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b164588994cade362f326b1bba74af3f0c0a9662adab0bcec720fc659643d540

Files

b164588994cade362f326b1bba74af3f0c0a9662adab0bcec720fc659643d540
.exe windows:5 windows x86 arch:x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE