lockbit | exe[.]zip[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

exe.zip.zip
Size

574KB
MD5

02c4edb6ec3af6b6e22bd01d42ebf6d3
SHA1

42a4e149a0db4badb12129a75c282a3306048aec
SHA256

72a18c1e65869e5fce28667ce2b9069f9c180f4af3437193a12566fa1aa9d1a1
SHA512

98b6ed67198bcdeff21ca24ffe30367df4e75919d8ff95bc13eebc5154962f3a8e7e1b8d9355e46de97000c3c12cb862245eeba30f43670352827f1a31c6b89c
SSDEEP

12288:TQlYPJbV4BPprN//xS4RZ4YE86PLVRwtLZkc7ueqZYMLRI7ZspxDM740ARDxF:fJKpZXdOf86RRkdqZPS7CnM7vAnF

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 6 IoCs

resource	yara_rule
static1/unpack002/exe/unimed1.exe	family_lockbit
static1/unpack002/exe/unimed2.exe	family_lockbit
static1/unpack002/exe/unimed3.exe	family_lockbit
static1/unpack002/exe/unimed4.exe	family_lockbit
static1/unpack002/exe/unimed5.exe	family_lockbit
static1/unpack002/exe/unimed6.exe	family_lockbit

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/exe/unimed1.exe
unpack002/exe/unimed2.exe
unpack002/exe/unimed3.exe
unpack002/exe/unimed4.exe
unpack002/exe/unimed5.exe
unpack002/exe/unimed6.exe

Files

exe.zip.zip
.zip

Password: infected
exe.zip
.zip

Password: infected
exe/start.bat
exe/unimed1.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exe/unimed2.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exe/unimed3.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exe/unimed4.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exe/unimed5.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
exe/unimed6.exe
.exe windows:5 windows x86 arch:x86

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
GetTextColor
SelectPalette
SelectObject
GetTextMetricsW
TextOutW
GetTextCharset
CreateSolidBrush
CreateFontW
SetTextColor
CreateDIBitmap

user32

LoadImageW
GetClassNameW
DialogBoxParamW
CreateDialogParamW

kernel32

GetCommandLineA
GetAtomNameW
LoadLibraryW
GetFileAttributesW

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 5KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 102KB - Virtual size: 102KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 6KB - Virtual size: 5KB

.reloc Size: 4KB - Virtual size: 4KB

Password: infected

3bc510de773c954bd69d33670cb624d6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 5KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 102KB - Virtual size: 102KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 6KB - Virtual size: 5KB

.reloc
Size: 4KB - Virtual size: 4KB