lockbit | 16075657112[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

16075657112.zip
Size

99KB
MD5

97b0bdf1ee9275e0cb4d5a721e2105ef
SHA1

cdefc7259bba55abe19d302b14dcd54dbbdc03bb
SHA256

7500460cfbbaffa3cbe8a303429826e5d1edf657a36cbf4d0319e18fbd2069a8
SHA512

6949630841d1beca677eaee9db83b2b1b3f4005ec4927f30fce4b36e7ddce5824eb9007c6a5fd88a865b2112eaa6db25a132afff9c7eb077544b820f36660437
SSDEEP

1536:c5QO1Mv5fnFcNs4ndcclsGcfn05pzvW9hrwh489m4LZqvS+ntyBHx9zCpKByYj8Z:c5Gf+iQrc/0H7pgFLyBHx9Kkp405s

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
static1/unpack001/6b20857125a5cc6c725c639928695fd8def531621b02cfcbc9b299f94b98f1d6	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6b20857125a5cc6c725c639928695fd8def531621b02cfcbc9b299f94b98f1d6

Files

16075657112.zip
.zip

Password: infected
6b20857125a5cc6c725c639928695fd8def531621b02cfcbc9b299f94b98f1d6
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ