lockbit | LockBit-Black-Builder-main[.]zip

Resubmissions

23-05-2024 09:35

240523-lkmh5scb37 10

28-04-2024 14:29

240428-rth5zahg49 10

Sharing

Copy URL

Twitter E-mail

General

Target

LockBit-Black-Builder-main.zip
Size

1.7MB
MD5

4fb693236754d28c43d3123b555ae740
SHA1

d3d6f0aa6068e9b2b9b47875bc13500392494421
SHA256

f566f21f3db0c4a9f421f18e6561279b4dd4c5fd3c32456a6f2e5b927b49719d
SHA512

ba81e0077f8dfbcbe58eda07d5b403089a71d56ae33578ba07abb7101c6254c9a7e042af2c0ede74b12fa142731c0ce638e7a98fd620e910bad7fbbdba710383
SSDEEP

49152:Qm7iJLGvI8SbLm7S8lMA7DAJRxZ73a9VlknZbQT9:6JqgjiL+WEJRx6QZbQh

Score

10^/10

lockbit blackmatter

Malware Config

Extracted

Family

blackmatter

Version

25.239

Extracted

Family

blackmatter

Version

65.239

Signatures

Blackmatter family
blackmatter
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 8 IoCs

resource	yara_rule
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3.exe	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_Rundll32_pass.dll	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_pass.exe	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/builder.exe	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3.exe	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_Rundll32_pass.dll	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_pass.exe	family_lockbit
static1/unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/builder.exe	family_lockbit

Unsigned PE 16 IoCs

Checks for missing Authenticode signature.

resource
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3Decryptor.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_ReflectiveDll_DllMain.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_Rundll32.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_Rundll32_pass.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_pass.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/builder.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/keygen.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3Decryptor.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_ReflectiveDll_DllMain.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_Rundll32.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_Rundll32_pass.dll
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_pass.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/builder.exe
unpack001/LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/keygen.exe

Files

LockBit-Black-Builder-main.zip
.zip
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build.bat
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/DECRYPTION_ID.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3.exe
.exe windows:5 windows x86 arch:x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3Decryptor.exe
.exe windows:5 windows x86 arch:x86

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
DialogBoxParamW
SetDlgItemInt
SetSysColors
SetTimer
SetWindowPos
SetWindowTextW
SystemParametersInfoW
EndDialog
SendMessageW
MessageBoxW
LoadIconW
KillTimer
GetDlgItem

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjects
Sleep
SetThreadPriority
SetFilePointerEx
CloseHandle
CreateFileW
CreateIoCompletionPort
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushConsoleInputBuffer
GetCommandLineW
GetConsoleWindow
GetDriveTypeW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLogicalDriveStringsW
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStdHandle
GlobalFree
HeapSetInformation
InterlockedIncrement
IsBadReadPtr
MoveFileExW
PostQueuedCompletionStatus
ReadFile
ResumeThread
SetConsoleTextAttribute
SetConsoleTitleW
SetEndOfFile
SetFileAttributesW

comctl32

InitCommonControls

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHChangeNotify
DragQueryFileW

msvcrt

wcslen
wcsrchr
_getch
_kbhit
_wcsicmp
memcpy
memmove
memset
swprintf
wcscat
wcscpy

advapi32

MD5Update
MD5Init
MD5Final
ConvertSidToStringSidW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW

ntdll

RtlDeleteCriticalSection
RtlDestroyHeap
RtlCreateHeap
RtlFreeHeap
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlReAllocateHeap
NtClose
RtlAllocateHeap
RtlAdjustPrivilege
NtTerminateThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtOpenProcess
NtDuplicateToken
RtlEnterCriticalSection

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFileExistsW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

mpr

WNetAddConnection2W
WNetGetUniversalNameW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_ReflectiveDll_DllMain.dll
.dll windows:5 windows x86 arch:x86

07530c85f3bf8d18d55bc566a43ea905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

CreateSolidBrush
TextOutW
SetTextColor
SetDCBrushColor
GetPixel
GetDeviceCaps
CreateFontW

user32

GetMessageW
IsDlgButtonChecked
LoadImageW
DefWindowProcW
CreateMenu
CreateWindowExW
DialogBoxParamW

kernel32

GetAtomNameW
SetLastError
GetTickCount
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetLocaleInfoW
GetLastError
FreeLibrary
GetFileAttributesW

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_Rundll32.dll
.dll windows:5 windows x86 arch:x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_Rundll32_pass.dll
.dll windows:5 windows x86 arch:x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/LB3_pass.exe
.exe windows:5 windows x86 arch:x86

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
GetPixel
SelectPalette
SelectObject
GetTextColor
BitBlt
GetDeviceCaps
CreateSolidBrush
CreateFontW
CreateDIBitmap

user32

LoadMenuW
LoadImageW
CreateDialogParamW
CreateWindowExW
DefWindowProcW
GetDlgItem
IsDlgButtonChecked

kernel32

GetLastError
GetProcAddress
GetModuleHandleA
GetLocaleInfoW
FreeLibrary
GetFileAttributesW
GetCommandLineW
GetCommandLineA

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/Password_dll.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/Password_exe.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/priv.key
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/Build/pub.key
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/builder.exe
.exe windows:5 windows x86 arch:x86

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp

imagehlp

CheckSumMappedFile

ntdll

RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 438KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/config.json
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit30/keygen.exe
.exe windows:5 windows x86 arch:x86

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
free
fputc
exit
calloc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build.bat
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/DECRYPTION_ID.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3Decryptor.exe
.exe windows:5 windows x86 arch:x86

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnableWindow
DialogBoxParamW
SetDlgItemInt
SetSysColors
SetTimer
SetWindowPos
SetWindowTextW
SystemParametersInfoW
EndDialog
SendMessageW
MessageBoxW
LoadIconW
KillTimer
GetDlgItem

kernel32

WriteFile
WriteConsoleW
WaitForSingleObject
WaitForMultipleObjects
Sleep
SetThreadPriority
SetFilePointerEx
CloseHandle
CreateFileW
CreateIoCompletionPort
CreateThread
DeleteFileW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushConsoleInputBuffer
GetCommandLineW
GetConsoleWindow
GetDriveTypeW
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileSizeEx
GetLogicalDriveStringsW
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStdHandle
GlobalFree
HeapSetInformation
InterlockedIncrement
IsBadReadPtr
MoveFileExW
PostQueuedCompletionStatus
ReadFile
ResumeThread
SetConsoleTextAttribute
SetConsoleTitleW
SetEndOfFile
SetFileAttributesW

comctl32

InitCommonControls

shell32

SHGetSpecialFolderPathW
CommandLineToArgvW
SHChangeNotify
DragQueryFileW

msvcrt

wcslen
wcsrchr
_getch
_kbhit
_wcsicmp
memcpy
memmove
memset
swprintf
wcscat
wcscpy

advapi32

MD5Update
MD5Init
MD5Final
ConvertSidToStringSidW
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW

ntdll

RtlDeleteCriticalSection
RtlDestroyHeap
RtlCreateHeap
RtlFreeHeap
RtlInitializeCriticalSection
RtlLeaveCriticalSection
RtlReAllocateHeap
NtClose
RtlAllocateHeap
RtlAdjustPrivilege
NtTerminateThread
NtSetInformationThread
NtSetInformationProcess
NtQuerySystemInformation
NtQueryInformationToken
NtOpenProcessToken
NtOpenProcess
NtDuplicateToken
RtlEnterCriticalSection

shlwapi

PathFindFileNameW
PathIsDirectoryEmptyW
PathFindExtensionW
PathFileExistsW
PathIsNetworkPathW
PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW

mpr

WNetAddConnection2W
WNetGetUniversalNameW

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 792B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_ReflectiveDll_DllMain.dll
.dll windows:5 windows x86 arch:x86

b1826e7d9522633dc1f4953f25424ce3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

CreateDIBitmap
TextOutW
SetTextColor
SetDCBrushColor
GetTextColor
GetTextCharset
GetPixel
BitBlt

user32

CreateDialogParamW
CreateWindowExW
DialogBoxParamW
GetDlgItem
GetDlgItemTextW
GetKeyNameTextW
LoadImageW

kernel32

GetTickCount
SetLastError
LoadLibraryW
LoadLibraryExA
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetLastError

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_Rundll32.dll
.dll windows:5 windows x86 arch:x86

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDeviceCaps
SetTextColor
SetPixel
SetDCBrushColor
GetTextMetricsW
GetTextCharset
CreateDIBitmap

user32

CreateMenu
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_Rundll32_pass.dll
.dll windows:5 windows x86 arch:x86

b750c147c0bcc8b349e4f1143ac1432e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDeviceCaps
SetTextColor
SetPixel
SetDCBrushColor
GetTextMetricsW
GetTextCharset
CreateDIBitmap

user32

CreateMenu
DialogBoxParamW
GetDlgItemTextW
IsDlgButtonChecked

kernel32

GetTickCount
GetProcAddress
GetModuleHandleA
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/LB3_pass.exe
.exe windows:5 windows x86 arch:x86

41fb8cb2943df6de998b35a9d28668e8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

gdi32

SetPixel
SetDCBrushColor
SelectPalette
GetTextColor
GetDeviceCaps
CreateSolidBrush

user32

DefWindowProcW
CreateMenu
EndDialog
GetDlgItem
GetKeyNameTextW
GetMessageW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
DialogBoxParamW

kernel32

SetLastError
LoadLibraryW
GetTickCount
GetLastError
GetCommandLineW
GetCommandLineA
FreeLibrary

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.itext
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/Password_dll.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/Password_exe.txt
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/priv.key
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/Build/pub.key
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/builder.exe
.exe windows:5 windows x86 arch:x86

d2e26e45dcb84f1062f90f29a9cf0faa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

MessageBoxW

kernel32

LoadResource
WriteFile
CreateFileW
ExitProcess
FindResourceW
GetCommandLineW
GetFileSize
GetModuleHandleW
GlobalFree
SizeofResource
LockResource
ReadFile

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
sprintf
strchr
strcpy
strlen
strstr
wcscat
wcscpy
wcslen
wcsrchr
localeconv
_stricmp
_strcmpi
tolower
realloc
malloc
free
strtod
strncmp

imagehlp

CheckSumMappedFile

ntdll

RtlFreeHeap
RtlAllocateHeap
NtClose
RtlImageNtHeader

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 439KB - Virtual size: 438KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/config.json
LockBit-Black-Builder-main/LockBit-Black-Builder-main/LockBit3Builder/keygen.exe
.exe windows:5 windows x86 arch:x86

73eeda700d0a0376845c61c44155f4a8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wsprintfA

kernel32

GetCurrentDirectoryW
WriteFile
CloseHandle
CreateFileW
ExitProcess
GetCommandLineW
GlobalFree
SetCurrentDirectoryW

shell32

CommandLineToArgvW

msvcrt

_wcsicmp
memcpy
memset
free
fputc
exit
calloc

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LockBit-Black-Builder-main/LockBit-Black-Builder-main/README.md

Resubmissions

Sharing

General

Malware Config

Extracted

Extracted

Signatures

Files

914685b69f2ac2ff61b6b0f1883a054d

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 95KB - Virtual size: 95KB

.itext Size: 1KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

4585cfc85e0cd554d6b5d4bf1bb3d5e4

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

comctl32

shell32

msvcrt

advapi32

ntdll

shlwapi

mpr

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 8KB

.rsrc Size: 22KB - Virtual size: 21KB

.reloc Size: 1024B - Virtual size: 792B

07530c85f3bf8d18d55bc566a43ea905

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 23KB - Virtual size: 24KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 3KB - Virtual size: 2KB

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.pdata Size: 10KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 3KB

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 22KB - Virtual size: 21KB

.reloc
Size: 1024B - Virtual size: 792B

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 23KB - Virtual size: 24KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 438KB - Virtual size: 438KB

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 2KB

.text
Size: 95KB - Virtual size: 95KB

.itext
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.pdata
Size: 10KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 3KB