lockbit | 643e6e51e42a4274005b853efc80ad54e8f6c8aa113cf415fb8bdebcc7399b84

General

Target

643e6e51e42a4274005b853efc80ad54e8f6c8aa113cf415fb8bdebcc7399b84
Size

142KB
MD5

a23fe0cd95fd358590d2bb681d277f9e
SHA1

e48876d7beffd78e9d877892b29f35a45d28b159
SHA256

643e6e51e42a4274005b853efc80ad54e8f6c8aa113cf415fb8bdebcc7399b84
SHA512

ffd2762b49e26e4072a15d30de4f5eefe4843c8bb987dbcf2a617964f083da790b7fb958a60c46ad967c54dbd884c121b67e49e2bfe4bfba42431156c7b50a1d
SSDEEP

3072:trPn1hcH98P67PBH2G3gFoh3H6J1vVjgQp3RpM1dpbQrQymzUOMgInmwuzqy/FEk:trP1hG98P67PNV3gih3H6J1VjgQp3RpO

Score

10^/10

lockbit blackmatter

Malware Config

Extracted

Family

blackmatter

Version

1.0

Signatures

Blackmatter family
blackmatter
Lockbit family
lockbit

Rule to detect Lockbit 3.0 ransomware Windows payload 1 IoCs

resource	yara_rule
sample	family_lockbit

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
643e6e51e42a4274005b853efc80ad54e8f6c8aa113cf415fb8bdebcc7399b84

Files

643e6e51e42a4274005b853efc80ad54e8f6c8aa113cf415fb8bdebcc7399b84
.dll windows:5 windows x86 arch:x86

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

SetPixel
SetDCBrushColor
GetTextColor
GetPixel
CreateFontW

user32

GetDlgItemTextW
GetWindowTextW
IsDlgButtonChecked
LoadImageW
LoadMenuW
EndDialog
DialogBoxParamW
DefWindowProcW
GetClassNameW

kernel32

GetCommandLineW
SetLastError
LoadLibraryExA
GetTickCount
GetProcAddress
GetModuleHandleW
FreeLibrary
FormatMessageW
GetFileAttributesW

Exports

Exports

del
gdel
gdll
gmod
pmod
sdll
wdll

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.xyz
Size: 512B - Virtual size: 141B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

d5feac3e94d92e4c2e9fe14f1f783fd7

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

user32

kernel32

Exports

Exports

Sections

.text Size: 93KB - Virtual size: 93KB

.itext Size: 2KB - Virtual size: 1KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 40KB - Virtual size: 43KB

.xyz Size: 512B - Virtual size: 141B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 93KB

.itext
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 40KB - Virtual size: 43KB

.xyz
Size: 512B - Virtual size: 141B

.reloc
Size: 4KB - Virtual size: 3KB