lockbit | 07926e060b7083bbe639b36e9c79cce23404ba9dcaa58c190ee40d7d415ff96f

General

Target

07926e060b7083bbe639b36e9c79cce23404ba9dcaa58c190ee40d7d415ff96f
Size

102KB
MD5

203cb9773c4d449beae2fcec79f2e54b
SHA1

73c9b4b5ca30d8f41822382f746f48d3a0160030
SHA256

07926e060b7083bbe639b36e9c79cce23404ba9dcaa58c190ee40d7d415ff96f
SHA512

28ca2823e001621ab4a2c0bfa5c72bad1a5d85acb9c04ed5a07eb04730ba15daf45f6b3f4d8a666315b29a7fdd368f3b9abd425657a57e6b62e83aa5646f5987
SSDEEP

1536:EXSuYQEIi1P4ITv7MW2olU4FAFnDCGuketjSDJUP4afyp1n0Q8KQYS6FB0up:J9QS1P4ITv7D2okFnDtuelUP4IGKEJL

Score

10^/10

lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/1f9944ccc4cb956c4eb81e76d51b3cb048b838f2f746e2017d4492abd5e9ed79.exe	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/1f9944ccc4cb956c4eb81e76d51b3cb048b838f2f746e2017d4492abd5e9ed79.exe

07926e060b7083bbe639b36e9c79cce23404ba9dcaa58c190ee40d7d415ff96f
.zip

Password: infected
1f9944ccc4cb956c4eb81e76d51b3cb048b838f2f746e2017d4492abd5e9ed79.exe
.exe windows:5 windows x86 arch:x86

a50a0d82b9120fc73965c28fea79e1f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

TextOutW
SetTextColor
SetPixel
SelectObject
GetTextMetricsW

user32

EndDialog
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
GetMessageW
LoadMenuW
DialogBoxParamW
CreateWindowExW
CreateDialogParamW
GetClassNameW

kernel32

GetDateFormatW
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
GetLocaleInfoW
GetCommandLineA
FormatMessageW
GetLastError

Sections

.text
Size: 102KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE