lockbit | e2a0224a81cf7c568679c751a6e540db172c2310d52ca314000ba97b7dfe3870 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e2a0224a81cf7c568679c751a6e540db172c2310d52ca314000ba97b7dfe3870
Size

145KB
MD5

fb46847a33786db349831ceb51fb21b5
SHA1

d9b48df493ef818ccf5702cea307e51466b758f0
SHA256

e2a0224a81cf7c568679c751a6e540db172c2310d52ca314000ba97b7dfe3870
SHA512

ea4c68acbce42f56c6453792c60d6b67def143f8a51110f80e0a68d7d424fdce2147023248e46fceaae8107f4a1aed64a711a04e3e10c9347aeaa305de025602
SSDEEP

3072:sJ86CimiAMXacFU7z8pLB62KqQ57fhSCWFyFpJE4g+DzWfNz6tmZff6bevFIw2:UVCtyTOUapR3qSaF+tmZlvt2

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e2a0224a81cf7c568679c751a6e540db172c2310d52ca314000ba97b7dfe3870

Files

e2a0224a81cf7c568679c751a6e540db172c2310d52ca314000ba97b7dfe3870
.dll windows:5 windows x86 arch:x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE