lockbit | 2024-04-19_a8bff467b86b1028e7e1805e2d3eb63c_darkside | Triage

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-19_a8bff467b86b1028e7e1805e2d3eb63c_darkside
Size

544KB
MD5

a8bff467b86b1028e7e1805e2d3eb63c
SHA1

2fd7db90c56168fdfb1fcc7708f31e1d3c7302a8
SHA256

31c9976ac8984d96d5fd7b2f5332558ec5a80f587a715226be30e9e58b3e6b15
SHA512

9b2887cd96ac6bc278be981d57470ba00a38bfaabefe54dcc4f1750bb42bb3816b782af28438a64926b1c78c6167997f56ad0e0ebaed3a6b4e20b267bb98d117
SSDEEP

12288:HEVvokb56Di7vX5Qd+m2Kcd+3bwuBzGJNgOcRMBf:Qokb5TJm2tdWwuBaJNaU

Score

10^/10

lockbit

Malware Config

Signatures

Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2024-04-19_a8bff467b86b1028e7e1805e2d3eb63c_darkside

Files

2024-04-19_a8bff467b86b1028e7e1805e2d3eb63c_darkside
.exe windows:5 windows x86 arch:x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.perses
Size: 258KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ